SSRF+redis
时间: 2023-09-04 17:16:59 浏览: 113
SSRF redis是指通过Server-Side Request Forgery (SSRF)攻击技术利用redis未授权访问漏洞的组合。SSRF漏洞可以让攻击者发送伪造的请求,使服务器在攻击者的控制下发送请求到内部网络或其他外部系统。而redis未授权访问漏洞指的是redis数据库未经任何身份验证就可以被访问和控制的漏洞。通过这两种漏洞的结合,攻击者可以利用SSRF漏洞请求含有未授权访问漏洞的redis,然后通过redis的数据备份功能将恶意代码写入服务器的定时文件中,最终实现反弹shell攻击。<span class="em">1</span><span class="em">2</span><span class="em">3</span>
#### 引用[.reference_title]
- *1* [ssrf+redis](https://blog.csdn.net/qq_45213259/article/details/110352124)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"]
- *2* *3* [SSRF+Redis组合拳啊哒~](https://blog.csdn.net/qq_43665434/article/details/115408269)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"]
[ .reference_list ]
阅读全文