Redis_Rce

漏洞复现

docker pull redis

upload successful

Docker run -d redis

upload successful

Docker run -it redis /bin/bash

upload successful

docker inspect 9f5946f764b9 | grep IPAddress

upload successful

https://github.com/jas502n/Redis-RCE

upload successful

漏洞原理

文章https://paper.seebug.org/975/

upload successful

看这张图就懂了

漏洞参考

https://paper.seebug.org/975/

漏洞EXP

https://github.com/LoRexxar/redis-rogue-server
https://github.com/jas502n/Redis-RCE
https://github.com/n0b0dyCN/redis-rogue-server
https://github.com/RicterZ/RedisModules-ExecuteCommand