Redis SSRF
Last updated
Was this helpful?
Last updated
Was this helpful?
It used to be that if you could make requests to Redis through , you were able to get RCE. However, because Redis is aware that this is a big issue, they will terminate the connection when they come across a line starting with POST
or Host:
.
So you need to somehow get text into Redis before the Host:
line comes. One way to accomplish this is to use a CRLF injection. This might not work for HTTP SSRFs, but if you can use the git://
protocol, for example, then it might work.
Example payload can be found here: