Redis Lua sandbox escape RCE in Debian/Ubuntu packages
CVE-2022-0543 is a Debian-specific packaging flaw affecting Redis in which the embedded Lua interpreter was dynamically linked against the system Lua library, breaking Redis's intended Lua sandbox restrictions. As a result, an attacker able to execute Lua code through Redis scripting functionality (for example via EVAL) can escape the sandbox and access unsafe Lua functionality such as io.popen, leading to arbitrary command execution on the underlying host. The issue is described as affecting Debian/Ubuntu packaged Redis rather than upstream Redis generally, and has been observed as an exploitation vector in the wild, including by Redis-targeting malware such as P2Pinfect.
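As an added example (not part of this page or of any of the exploit repositories listed below), a defender-side check: a small Python scanner over Redis MONITOR-style output that flags EVAL/EVALSHA calls carrying the indicators named above (package.loadlib, io.popen, the system liblua5.1 path). The sample MONITOR lines and the client addresses in them are constructed for the example.

```python
import re
from dataclasses import dataclass

# Indicators taken from the CVE description: the sandbox escape goes through Redis
# scripting (EVAL/EVALSHA), pulls in the system Lua library via package.loadlib and
# spawns commands with io.popen. A legitimate script rarely needs any of these.
SUSPICIOUS_LUA = {
    "package.loadlib": re.compile(r"package\.loadlib", re.IGNORECASE),
    "io.popen": re.compile(r"io\.popen", re.IGNORECASE),
    "system liblua path": re.compile(r"liblua5\.1\.so", re.IGNORECASE),
}
SCRIPT_COMMANDS = {"EVAL", "EVALSHA", "SCRIPT"}

# Shape of a Redis MONITOR line: <unix-ts> [<db> <client-addr>] "CMD" "arg" "arg" ...
MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<addr>\S+)\] (?P<args>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # quoted args, with \" escapes inside


@dataclass
class Alert:
    ts: str
    client: str
    command: str
    indicators: tuple


def parse_monitor_line(line):
    """Return (timestamp, client address, [args]) or None for a non-MONITOR line."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    args = [a.replace('\\"', '"') for a in ARG_RE.findall(m.group("args"))]
    return m.group("ts"), m.group("addr"), args


def scan_monitor_lines(lines):
    """Flag scripting commands whose body contains any sandbox-escape indicator."""
    alerts = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if not parsed:
            continue
        ts, addr, args = parsed
        if not args or args[0].upper() not in SCRIPT_COMMANDS:
            continue
        body = " ".join(args[1:])
        hits = tuple(name for name, rx in SUSPICIOUS_LUA.items() if rx.search(body))
        if hits:
            alerts.append(Alert(ts, addr, args[0].upper(), hits))
    return alerts


# Constructed sample: one normal GET, one suspicious EVAL, one benign EVAL.
SAMPLE_MONITOR = [
    '1647000001.100000 [0 10.0.0.5:51234] "GET" "session:42"',
    '1647000002.200000 [0 198.51.100.7:40022] "EVAL" "local l = package.loadlib(\\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\\", ...)" "0"',
    '1647000003.300000 [0 10.0.0.9:51240] "EVAL" "return redis.call(\\"incr\\", KEYS[1])" "1" "counter"',
]


def run_sample():
    return scan_monitor_lines(SAMPLE_MONITOR)
```

Feed it `redis-cli MONITOR` output or a command log from your SIEM; the benign EVAL in the sample shows that ordinary scripting use does not trigger it.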
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (2 hidden).
Small standalone Python exploit repository for CVE-2022-0543 targeting Redis Lua sandbox escape. The repository contains only three files: an MIT LICENSE, a short README describing features, and the main exploit script exploit.py. The Python script uses the redis client library to connect to a target Redis server, optionally authenticate, and invoke EVAL with a crafted Lua payload. That payload calls package.loadlib on /usr/lib/x86_64-linux-gnu/liblua5.1.so.0, obtains the io library, and uses io.popen to execute arbitrary operating system commands on the Redis host. The exploit first performs a lightweight validation by running whoami and checking for output, then supports three operational modes: check-only (-c), single command execution (-x), and an interactive command loop. It also includes an automatic reverse shell mode using bash over /dev/tcp with attacker-supplied callback IP and port (-I/-P). The exploit is operational rather than a mere PoC because it includes working post-exploitation options, but it is not framework-based or heavily modularized. Fingerprintable indicators include the target Redis service on TCP 6379, the hardcoded Lua library path used for sandbox escape, and the reverse-shell callback mechanism.
This repository contains a Python exploit script (CVE-2022-0543.py) targeting Redis servers vulnerable to CVE-2022-0543, a Lua sandbox escape vulnerability. The exploit connects to a specified Redis server (IP, port, and optional password), then allows the user to execute arbitrary shell commands on the server by injecting a malicious Lua script that loads the system's Lua IO library and uses it to run shell commands. The output of the command is returned and displayed to the user. The exploit is interactive, prompting the user for connection details and commands to execute. The README provides a brief description and usage instructions. The main fingerprintable endpoint is the file path to the Lua library used for the exploit. The attack vector is network-based, requiring access to the Redis server. The repository is straightforward, with one exploit script and a README.
This repository contains a fully featured exploit for CVE-2022-0543, a critical Lua sandbox escape vulnerability in Redis. The main file, 'exploit.py', is a Python script that connects to a target Redis instance (defaulting to 127.0.0.1:6379) and leverages the vulnerability to execute arbitrary shell commands on the server. The exploit supports three main modes: (1) automatic reverse shell to an attacker-controlled host and port, (2) execution of a single specified command, and (3) an interactive shell for running arbitrary commands. The exploit works by injecting a Lua script that loads the system's Lua shared library and uses it to break out of the sandbox, allowing shell command execution. The script requires the target Redis server to be accessible and, if authentication is enabled, valid credentials must be provided. The repository also includes a README with usage instructions and a LICENSE file. No hardcoded external endpoints are present, but the exploit targets the Redis TCP service and the system's Lua library path.
This repository contains a Go-based exploit for CVE-2022-0543, a Redis Lua sandbox escape vulnerability. The main file, CVE-2022-0543.go, implements an interactive command shell that connects to a Redis server (default 127.0.0.1:6379, configurable via command-line flags), authenticates if necessary, and leverages a Lua payload to escape the sandbox and execute arbitrary system commands on the server. The exploit uses the Lua 'package.loadlib' function to load the system's Lua IO library and then runs attacker-supplied commands via 'io.popen', returning the output. The README provides usage instructions and a disclaimer. The exploit targets vulnerable Redis instances accessible over the network and requires knowledge of any authentication credentials if set. The repository is structured simply, with one Go exploit file and a README.
Recent activity
9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A critical Redis Lua sandbox escape vulnerability that allows code execution on vulnerable Redis instances and is being leveraged by the P2PInfect botnet in attacks against exposed Redis services in Kubernetes/cloud environments.
A Redis Lua sandbox escape remote code execution vulnerability described as a confirmed exploitation vector used by P2Pinfect.
A Redis remote code execution vulnerability caused by a Debian/Ubuntu packaging issue that breaks the Lua sandbox, allowing attackers to use EVAL to access io.popen and execute commands on the host.