CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/scanner/redis/file_upload.md
Views: 1904
Description
Redis is an in-memory data structure project implementing a distributed, in-memory key-value database with optional durability. Redis supports different kinds of abstract data structures, such as strings, lists, maps, sets, sorted sets, HyperLogLogs, bitmaps, streams, and spatial indexes.
This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled given the nature of how Redis stores its database on disk.
Vulnerable Application
This module is tested on two different Redis server instances. Virtual testing environments (inside docker container):
Redis 5.0.6
Redis 4.0.14
Verification Steps
Do:
use auxiliary/scanner/redis/file_uploadDo:
set rhosts [ips]Do:
set LocalFile [local_file_path_to_be_uploaded]Do:
set RemoteFile [remote_file_destination]Do:
run
Options
DISABLE_RDBCOMPRESSION
If set to false, redis server will disable compression before saving. Defaults to true.
FLUSHALL
If set to true, redis server will remove all redis data before saving. Defaults to false.
LocalFile
Path to the local file to be uploaded.
RemoteFile
Path, or file name, to store the file as on the Redis server.