🔗 Client-Side Redis Attack PoC

"This means that if you're a developer and you have Redis running in protected mode, as your own user or root (or some other user which has write permissions to your home directory), I can still own you through your browser. I can use JavaScript to craft an HTTP POST request to port 6379 and abuse Redis commands in such a way that I can write data to an arbitrary file. I can use this to write data to your user's .inputrc file and mess with you."

🌎 https://ericrafaloff.com/client-side-redis-attack-poc/