A vulnerability that can lead to compromise of the letv network - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201451730
Type myhack58
Reporter Anonymous
Modified 2014-07-25T00:00:00


Because of improper configuration, commands can be executed directly, which can endanger the entire internal network. The vulnerable IP is not bound to a domain, that is, it is not under *.letv.com, and the testing rules cover only targets with a domain name; reports without a domain name are not accepted, so sobug does not recognize this vulnerability. We feel this hole should yield? The Jenkins instance has no authentication and can be accessed directly.

You can see that the host has both a public IP and an internal IP. A ping test shows that it can connect directly to the public network, so systems inside the network can be reached either through a bounce (reverse connection) or directly through a SOCKS5 proxy. A scan script was fetched with wget for preliminary detection:

The banner information returned by the sites confirms that this is the letv internal network. From there, curl and similar commands can be used to access internal network resources.

println "curl".execute().text
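An added example, not part of the original article: a Python audit of a Jenkins `config.xml` for the misconfiguration described above (no authentication, anonymous access). The sample configs are constructed, and the element and class names are assumed to match what Jenkins core and the Matrix Authorization plugin write to `config.xml`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragments (not taken from the page).
OPEN_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
</hudson>"""

MATRIX_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
  </authorizationStrategy>
</hudson>"""

HARDENED_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""

def audit_jenkins_config(xml_text):
    """Return a list of findings about anonymous access in a Jenkins config.xml."""
    # Jenkins writes an XML 1.1 declaration, which some parsers reject; drop it first.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not true: security is disabled")
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if cls.endswith("AuthorizationStrategy$Unsecured"):
        findings.append("authorization strategy is Unsecured")
    if cls.endswith("FullControlOnceLoggedInAuthorizationStrategy") and (
            strategy.findtext("denyAnonymousReadAccess") or "").strip().lower() != "true":
        findings.append("anonymous read access is allowed")
    for perm in ([] if strategy is None else strategy.iter("permission")):
        # Entries look like "<permission id>:<sid>", optionally prefixed "USER:" or "GROUP:".
        parts = (perm.text or "").strip().split(":")
        if len(parts) >= 2 and parts[-1] == "anonymous":
            findings.append("anonymous is granted " + parts[-2])
    return findings

if __name__ == "__main__":
    for name, cfg in [("open", OPEN_CONFIG), ("matrix", MATRIX_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(name, audit_jenkins_config(cfg) or "no anonymous access found")
```

Any finding on an instance that is reachable from a public IP, as the host in this report was, means the script console is exposed to unauthenticated users or one permission grant away from it.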

