Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Redis Exception Connection Error Page

By kannthu

Low
Vidoc logoVidoc Module
#exposure#redis#logs
Description

What is the "Redis Exception Connection Error Page?"

The "Redis Exception Connection Error Page" module is designed to detect misconfigurations or vulnerabilities related to the Redis database. It targets instances where a connection error occurs, specifically when the redis.exceptions.ConnectionError exception is thrown. This module has a low severity level and was authored by DhiyaneshDk.

Impact

If this module detects a Redis connection error, it indicates a potential issue with the Redis database configuration. This could lead to service disruptions or data integrity problems.

How the module works?

The "Redis Exception Connection Error Page" module works by sending HTTP requests and evaluating the responses against specific matching conditions. It checks for the presence of the redis.exceptions.ConnectionError exception in the response body, a text/plain content type in the response headers, and a status code of 500. If all these conditions are met, the module reports a vulnerability.

Here is an example of an HTTP request that the module might send:

GET /path/to/redis HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module's matching conditions are as follows:

- The response body must contain the redis.exceptions.ConnectionError exception. - The response headers must include a text/plain content type. - The response status code must be 500.

When all these conditions are met, the module identifies a potential vulnerability related to Redis connection errors.

Module preview

Concurrent Requests (0)
Passive global matcher
word: redis.exceptions.ConnectionErrorand
word: text/plainand
status: 500
On match action
Report vulnerability