Redis configuration file and unauthorized access

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

0x00 Brief introduction to Redis

REmote DIctionary Server (Redis) is a key-value storage system written by Salvatore Sanfilippo.

Redis is an open-source, log-type key-value database written in ANSI C and released under the BSD license. It supports networking, can run in memory or with persistence, and provides APIs for multiple languages. It is often called a data structure server because values can be of types such as strings, maps, lists, sets, and sorted sets.

0x01 Redis configuration file

Configuration file name: redis.conf

Default path: /etc/redis.conf

Default port: 6379

Fields related to permissions and passwords in the redis configuration file:

# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
# internet, binding to all the interfaces is dangerous and will expose the
# following bind directive, that will force Redis to listen only into
bind 0.0.0.0
# If the master is password protected (using the "requirepass" configuration
# requirepass foobared

bind: the IP addresses Redis accepts connections on (the interfaces it listens on)

requirepass: the password required to access Redis

0x02 Cases in which Redis has unauthorized access

Startup mode | Corresponding process | Configuration file | Unauthorized access
./redis-server | 00:00:00 redis-server 0.0.0.0 redis-server redis.conf redis-server 0.0.0.0:6379 bind 6379 | no configuration file | does not exist
./redis-server redis.conf | redis-server 0.0.0.0 redis-server redis.conf redis-server 0.0.0.0:6379 bind 6379 | default configuration | does not exist
./redis-server redis.conf | redis-server 0.0.0.0:6379 | requirepass foobared, bind 0.0.0.0 | does not exist

To sum up, the conditions for unauthorized access to Redis are:

The configuration file is loaded (./redis-server redis.conf); any IP is allowed to log in, or your own IP is within the allowed range (bind 0.0.0.0); and no password is set (requirepass is left commented out: # requirepass foobared).
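
The conditions above can be checked against a redis.conf before the server is started. The following Python audit is an added example, not code from the original article or from the Redis project; the function names and the sample configurations are constructed for illustration, and it looks only at the two directives discussed here (bind and requirepass).

```python
import ipaddress

def parse_directives(conf_text):
    """Map each active (uncommented) directive to its arguments; the last one wins."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "# requirepass foobared" is a comment, not a setting
        parts = line.split()
        directives[parts[0].lower()] = parts[1:]
    return directives

def is_loopback(addr):
    try:
        # newer redis.conf files may prefix an address with "-"
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as reachable from outside

def audit(conf_text):
    """Return (at_risk, findings) for the conditions summarized in the article."""
    d = parse_directives(conf_text)
    bind = d.get("bind", [])
    exposed = [a for a in bind if not is_loopback(a)]
    # requirepass "" is an empty password, which is the same as none
    password = " ".join(d.get("requirepass", [])).strip("\"'")
    findings = []
    if not bind:
        findings.append("no active bind directive (listening address depends on Redis defaults)")
    if exposed:
        findings.append("listens on non-loopback address(es): " + ", ".join(exposed))
    if not password:
        findings.append("requirepass is not set")
    return bool(exposed) and not password, findings

# Constructed sample configurations, modelled on the cases in the table above
SAMPLES = {
    "default": "# bind 192.168.1.100 10.0.0.1\nbind 127.0.0.1\n# requirepass foobared\n",
    "password": "bind 0.0.0.0\nrequirepass foobared\n",
    "open": "bind 0.0.0.0\n# requirepass foobared\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        at_risk, findings = audit(conf)
        print(name, "AT RISK" if at_risk else "ok", findings)
```

Only the "open" sample is reported as at risk; the "default" sample still lists the missing password as a finding, since it becomes exploitable as soon as the bind line is widened.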
