google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
874 stars 176 forks

PRP: Redis CVE-2022-0543 RCE #285

Open shpei1963 opened 1 year ago

shpei1963 commented 1 year ago

Hi, I'd like to write a detector for Redis CVE-2022-0543 RCE and the code is almost ready. The exploit is explained in https://github.com/vulhub/vulhub/tree/master/redis/CVE-2022-0543

maoning commented 1 year ago

Hi @shpei1963,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

As liblua could be in multiple versions and installed in different locations, could you create a static list (or a dynamic one if you want, like https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/detectors/exposedui/phpunit/src/main/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetectorConfigs.java#L20) in the plugin to keep track of lib version + location like /usr/lib/x86_64-linux-gnu/liblua5.1.so.0? You could just have a single value in the list for now, but have the business logic in place to have the detector load each lib from the list and look for RCE.

Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have.

Thanks!

shpei1963 commented 1 year ago

Thank you! I've made the change based on your feedback!