SSRF + Redis

SSH Public Key

$HOME/.ssh/authorized_keys is used to store a list of SSH public keys so that users log in without password. If $HOME/.ssh/authorized_keys is writable, this can be used to store the attacker's SSH public key.

Reference

Exploiting Redis Through SSRF Attack

Last updated

Was this helpful?