An improperly configured service allows commands to be executed directly, which can endanger the entire internal network. The vulnerable IP is not bound to a domain, that is, it is not under *.letv.com, and the test rules say that only targets with a domain name are accepted and those without one are not, so sobug does not recognize this vulnerability. We feel this hole should yield?

http://22.214.171.124:8080/script Jenkins has no authentication and can be accessed directly.
The host has both a public network IP and an internal network IP. A ping test shows that it can connect directly to the public network, so a bounce (reverse connection) or a direct SOCKS5 proxy connection gives direct access to the internal network systems. A scan script was fetched with wget for preliminary detection:
The banner information of the sites confirms that this is the letv internal network. With curl and similar commands, internal network resources can then be accessed.
println "curl http://10.126.32.75/".execute().text
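
For the defending side, the condition reported above (a /script console that answers without login) can be checked from the controller's own configuration. The following is an added example, not part of the original report: it audits a Jenkins `config.xml` (normally in the Jenkins home directory) for settings that hand an unauthenticated visitor administrator rights. The sample configurations are constructed, and the matrix permission strings are assumed to use the `permission:user` form.

```python
import re
import xml.etree.ElementTree as ET

# Constructed config.xml samples (not taken from the reported host).
OPEN_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""
MATRIX_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""
LOCKED_CONFIG = MATRIX_CONFIG.replace("Administer:anonymous", "Administer:admin")

# Permissions that allow use of the script console.
ADMIN_PERMS = ("hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts")

def audit_jenkins_config(xml_text):
    """Return findings that give an unauthenticated visitor the script console."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects,
    # so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1)
    root = ET.fromstring(body)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not true")
    authz = root.find("authorizationStrategy")
    if authz is None or authz.get("class", "").endswith("$Unsecured"):
        findings.append("authorization strategy missing or Unsecured")
    else:
        for perm in authz.iter("permission"):
            text = (perm.text or "").strip()
            if text.endswith(":anonymous") and any(p in text for p in ADMIN_PERMS):
                findings.append("anonymous granted " + text)
    realm = root.find("securityRealm")
    if realm is None or realm.get("class", "").endswith("$None"):
        findings.append("no security realm configured")
    return findings

if __name__ == "__main__":
    for name, cfg in [("open", OPEN_CONFIG), ("matrix", MATRIX_CONFIG), ("locked", LOCKED_CONFIG)]:
        print(name, audit_jenkins_config(cfg))
```

An empty list means none of these three conditions is present; it does not cover permissions granted through other authorization plugins.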