漏洞描述
Memcached stats is used to return server statistics such as PID, version, connections, etc.
memcached-stats: Memcached stats disclosure
PoC代码[已公开]
id: memcached-stats
info:
name: Memcached stats disclosure
author: pdteam
severity: low
description: |
Memcached stats is used to return server statistics such as PID, version, connections, etc.
metadata:
max-request: 1
tags: network,memcached,misconfig,tcp
tcp:
- inputs:
- data: "stats\r\n\r\nquit\r\n"
host:
- "{{Hostname}}"
port: 11211
read-size: 2048
matchers:
- type: word
words:
- "STAT "
# digest: 4a0a00473045022100dda2853b79efb965f8e883f39dd2a62a42ce6de2e16e0b3520ac729e0abb4c830220797f2b18a101511343aa3f02b5c625651ab44b73247fa323535f555af03631bd:922c64590222798bb761d5b6d8e72950