A vulnerability that can lead to taking over the Letv network - Vulnerability Warning - Black Bar Safety Net

2014-07-25T00:00:00
ID MYHACK58:62201451730
Type myhack58
Reporter Anonymous
Modified 2014-07-25T00:00:00

Description

A misconfiguration allows commands to be executed directly, which can endanger the entire network system. Because the vulnerable IP is not bound to a domain name, that is, it is not under *.letv.com, and all tests are stated to be scoped to domain names, with anything lacking a domain name not accepted, sobug does not recognize this vulnerability. We feel this hole should yield?

http://123.126.32.82:8080/script

Jenkins has no authentication and can be accessed directly.

The host has both a public network IP and an internal network IP. A ping test shows that it can connect directly to the public network, so a bounce or a direct SOCKS5 proxy connection gives direct access to systems inside the network. A scan script was fetched with wget for preliminary detection.

The banner information of the websites found confirms that this is the Letv internal network. With curl and similar commands, internal network resources can then be accessed.

println "curl http://10.126.32.75/".execute().text
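
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans web access logs for Jenkins script console requests (`/script`, `/scriptText`) that were answered without a login. The log format, the meaning of the user field, the internal address ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: combined-format access log whose user field shows the login name.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# /script and /scriptText at the root, under a context path, or per agent.
CONSOLE_RE = re.compile(r'^(?:/[^/?]+)*/script(?:Text)?/?(?:\?.*)?$')
# Assumption: these ranges are the organisation's internal networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def find_open_console_hits(lines):
    """Return script-console requests that were served without a login."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not CONSOLE_RE.match(m["path"]):
            continue
        # A 2xx with no user means the console answered anonymously; 401/403
        # or a redirect to the login page means access control held.
        if m["user"] != "-" or not m["status"].startswith("2"):
            continue
        try:
            addr = ipaddress.ip_address(m["src"])
            external = not any(addr in net for net in INTERNAL)
        except ValueError:
            external = True  # unparsable source: treat as untrusted
        findings.append({"src": m["src"], "time": m["ts"], "path": m["path"],
                         "executed": m["method"] == "POST",  # script submitted
                         "external": external})
    return findings


# Constructed sample lines (documentation-range addresses, not from the page).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /script HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:01:40 +0000] "POST /script HTTP/1.1" 200 6044 "-" "Mozilla/5.0"',
    '10.0.0.15 - admin [01/Jan/2024:10:05:00 +0000] "POST /script HTTP/1.1" 200 6001 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /script HTTP/1.1" 403 900 "-" "curl/8.0"',
    '10.0.0.22 - - [01/Jan/2024:10:07:00 +0000] "POST /computer/agent1/scriptText HTTP/1.1" 200 10 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:08:00 +0000] "GET /static/ab12/scripts/app.js HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_open_console_hits(SAMPLE_LOG):
        print(hit)
```

Any hit means the console answered without authentication; one with `external` set shows it is reachable from outside the internal ranges, and one with `executed` set shows a script was actually submitted.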
