💉 Can you inject Redis commands through their note caching system?

A note caching API constructs Redis commands using string concatenation, creating opportunities for CRLF injection attacks. When user input meets insufficient sanitization, even simple note storage can become a pathway to Redis command injection and session manipulation. 🎯 Time to test your protocol injection skills!

Flags

Points

Daily Challenge

Free Access

Start Lab Environment

Launch your dedicated AWS machine to begin hacking

~1-2 min setup

AWS dedicated

Private instance

Industry standard

Daily Challenge

Solution Coming Soon

The solution for this lab will be available on 18 Sep 2025 00:00 UTC.

To keep the new labs challenging for everyone, solutions are only available 1 month after a lab has been released or when it gets archived, whichever comes first.

Labs / Redis Cache Poisoner

💉 Can you inject Redis commands through their note caching system?

Start Lab Environment

First time? Watch this quick tutorial

Solution Coming Soon