Share
## https://sploitus.com/exploit?id=5F5403AD-2EDB-5730-89AC-F104668DDAED
This is a PoC exploit for CVE-2015-4335, a Redis Lua sandbox escape and arbitrary code execution vulnerability. The tool, named redischeck, checks a Redis instance for security vulnerabilities. It performs three checks: (1) if the AUTH command is set, (2) if the CONFIG command has been renamed, and (3) if the Redis version is not vulnerable to CVE-2015-4335. The tool can be run with various flags, including -localhost, -host, -port, -passfile, -timeout, and -help. The tool uses a password file (password.txt) to authenticate to Redis, and it can be run with a password file or without one, depending on the -passfile flag. The tool is licensed under the Apache License, Version 2.0.