Unauthorized Access Vulnerability in Redis
Introduction
Redis is an open source storage system that supports persistent storage of data, supports key-value, list, set and other data structure storage, and supports backup.
However, if redis has unauthorized access, it will lead to the attacker being able to access redis internal resources without authentication, obtain sensitive files, and even execute flushall to clear data, write ssh public key to the root account and directly remote login to the target server.
Environment Setup
Just run redis-server
Vulnerability Reproduction
Access SSH private key
Reverse shell
This method failed in ubuntu due to the inability to ignore garbled code.
Last updated