A vulnerability can cause direct letv Intranet attacks
Improper configuration direct execution of commands can endanger the entire intranet system. Because the IP address of this vulnerability is not bound to a domain name, that is, not * .letv.com, the public test is about domain names, sobug does not recognize this vulnerability because it does not contain domain names. Do you think this kind of hole should be accepted? Http: // 123.126.32.82: 8080/script
Jenkins is not authenticated and can be accessed directly
You can see that there are public IP addresses and Intranet IP addresses. After the ping test, you can directly connect to the public network. Therefore, you can directly access the Intranet system by rebounding or directly connecting to the SOCKS5 proxy.
Wget A scan script for Initial Detection:
The banner information of the website also shows that letv's intranet is correct, and other commands such as curl can be used to access intranet resources.
Println "curl http: // 10.126.32.75/". execute (). text
Solution:
Set Password