漏洞描述
CacheCloud提供一个Redis云管理平台实现多种类型(Redis Standalone、Redis Sentinel、RedisCluster)自动部署、解决Redis实例碎片化现象、提供完善统计、监控、运维功能、减少运维成本和误操作,提高机器的利用率,提供灵活的伸缩性,提供方便的接入客户端。/manage/app/tool/diagnostic/appInstances接口未授权可读取redis信息,随后命令执行。
CacheCloud redis云平台 redis未授权管理员添加
PoC代码
暂无相关漏洞推荐
- POC ec2-unrestricted-redis: Unrestricted Redis Access
- POC cache-redis-encryption-disabled: ElastiCache Redis In-Transit and At-Rest Encryption - Disabled
- POC cache-redis-multiaz-disabled: ElastiCache Redis Multi-AZ - Disabled
- POC azure-redis-nonssl-port-disabled: Azure Redis Cache In-Transit Encryption Not Enabled
- POC azure-redis-tls-version-outdated: Azure Redis Cache TLS Version Not Latest
- POC redis-unauthorized: Redis Unauthorized
- POC redis-config: Redis Configuration File - Detect
- POC redis-exception-error: Redis Exception Connection Error Page
- POC flask-redis-docker: Flask Redis Queue Docker - Exposure
- POC unauth-redis-insight: RedisInsight - Unauthenticated Access
- POC redis-default-logins: Redis - Default Logins
- POC exposed-redis: Redis Server - Unauthenticated Access
- POC redis-detect: Redis Service - Detect