A CSRF demonstration of stealing local Redis data, and encrypting all Redis instances on a local network

Whatsinmyredis.com Redis <3.2.7 suffers from CSRF issues that allow an attacker to run arbitrary Redis commands on local/internal Redis instances. These attacks have been mitigated in the latest versions of Redis. Demoed on

Related Repos


RediSearch RediSearch implements a search engine on top of Redis, but unlike other Redis search libraries, it does not use internal data structures like Sorted Sets.

tidwall Redcon is a custom Redis server framework that is fast and simple to use. This is a C version of the original Redcon, and is built on top of evio.c.

tidwall A fault-tolerant Sqlite service running on Uhaha.

chjj An optimized and cryptographically provable key-value store. Written in C.

gamenet Redis memory profiler to find the RAM bottlenecks through scanning key space in real time and aggregate RAM usage statistics by patterns.

ankane Uses homomorphic encryption, so the server can’t read data or queries. Powered by HElib and follows the Redis protocol.

Tencent Tendis is a high-performance distributed storage system which is fully compatible with the Redis protocol. It uses RocksDB as the storage engine, and all data is stored to disks through RocksDB. Users can access Tendis using a Redis client, and the application hardly needs to be changed. In addition, Tendis supports storage capacity far exceeding memory, which can greatly reduce user storage costs.

bytedance TerarkDB is a RocksDB replacement with optimized tail latency, throughput and compression etc. In most cases you can migrate your existing RocksDB instance to TerarkDB without any drawbacks.