Alright guys, whosoever is still on this.
Either provide the solution or I have my work here…
Database is Cassandra.
Don't try NoSQLMap. It does not have this one listed yet.
You'll have to read into all the queries and convert them yourself to exploit it.
Interesting technical challenge. Good work and thank you for making it possible, Rodolfo.
As we were discussing yesterday via DM on Twitter, and since other participants may be interested, there’s at least a couple of similar solutions, which not only allow bypassing the authentication, but also retrieving the original password for a targeted username.
I couldn’t find a way to programmatically extract or infer the username (or usernames, if there’s more than one) in this particular context, due to the limited syntax Cassandra allows (compared to a relational database), and also because of the structure of the original underlying query and injection points. I don’t think it’s actually possible, but if anyone finds a way, I’d like to know how 🙂
Also, congratulations to Haxel0rd for the first solve.