漏洞描述
Redis configuration file was detected.
redis-config: Redis Configuration File - Detect
PoC代码[已公开]
id: redis-config
info:
name: Redis Configuration File - Detect
author: geeknik
severity: medium
description: Redis configuration file was detected.
reference:
- https://redis.io/docs/manual/config/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
cpe: cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"redis.conf"
product: redis
vendor: redis
tags: redis,exposure,config,vuln
http:
- method: GET
path:
- "{{BaseURL}}/redis.conf"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "bind"
- "protected-mode"
- "port "
condition: and
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100b2ad2fd273fe5115ffb32a28f8f3fc0fee7d9a4f6bf455fa4042dc935593f5570221009b423c409f265d9df09c6aa370d0e995f505a658c472554d2f9087639dc36a60:922c64590222798bb761d5b6d8e72950