Broker injection

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article's factual accuracy is disputed. Relevant discussion may be found on the talk page. Please help to ensure that disputed statements are reliably sourced. (March 2016) (Learn how and when to remove this message) This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help improve this article by introducing more precise citations. (March 2016) (Learn how and when to remove this message) This article is written like a personal reflection, personal essay, or argumentative essay that states a Wikipedia editor's personal feelings or presents an original argument about a topic. Please help improve it by rewriting it in an encyclopedic style. (March 2016) (Learn how and when to remove this message) (Learn how and when to remove this message)

Broker injection attack is a type of vulnerability that exploits misconfigured brokers, potentially allowing an attacker to read, write and inject information from/into their flow.

There are many scenarios in which a broker is used to transport the information between tasks.

One of the most typical use cases is send e-mails in background. In this scenario we'll have two actors:

• An information producer (a website, for example).
• A worker or background process who actually sends the e-mail.

The producer needs an asynchronous and non-blocking way to send the email information to the worker.

This system is usually a broker. It takes the information from the web front-end and passes it to the worker, generating a new task in the worker. So, the worker has all the information to send the e-mail.

Taking the above scenario as an example, if we could access the broker, we would be able to make the worker generate new tasks with arbitrary data, unleashing a broker injection.

With this in mind, we could make the following attacks:

• Listing remote tasks.
• Reading a remote task's contents.
• Injection of tasks into remote processes.
• Removing remote outstanding tasks.

The broker injection attack is not new, but it didn't have a name. This name was coined by Daniel García (cr0hn) at the RootedCON 2016 conference in Spain.

• Redis
• RabbitMQ
• ZeroMQ
• Message broker
• Celery (software)

• Official Redis security tips
• Enteletaor: The broker injection tool
• Broker injection in RootedCON 2016 (Spanish)^{[permanent dead link]}