CVE-2022-0543 PoC — Redis 代码注入漏洞

Source

https://github.com/JacobEbben/CVE-2022-0543

Associated Vulnerability

Title:Redis 代码注入漏洞 (CVE-2022-0543)
Description:Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值（Key-Value）存储数据库，并提供多种语言的API。 Redis 存在代码注入漏洞，攻击者可利用该漏洞远程执行代码。

Description

Redis RCE through Lua Sandbox Escape vulnerability

Readme

# CVE-2022-0543
Fully featured exploit for Redis RCE through Lua Sandbox Escape vulnerability. Based on https://thesecmaster.com/how-to-fix-cve-2022-0543-a-critical-lua-sandbox-escape-vulnerability-in-redis/.

Features:
  - Automatic reverse shell (-I + -P)
  - Single command execution (-x)
  - Basic shell (Default)

TO DO:
  - Need better checks to prevent false-positives

DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on systems you have written permission to exploit.

File Snapshot


 [4.0K]  /data/pocs/cdecb76900e43966d25a54d6cf315ddc3a911a0e
├── [4.5K]  exploit.py
├── [1.0K]  LICENSE
└── [ 538]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!