Getshell (root permission affects Intranet/database information leakage) caused by command execution vulnerability in a site of yisearch Technology)
Rt
Http: // 120.197.138.35/will jump to http://book.easou.com/
Jdwp command execution vulnerability in port 9999
Http: // 120.197.138.35: 8080/port resin
You can remotely deploy the shell using the resin path.
Http: // 120.197.138.35: 8080/resin-doc/shell. jsp
Easou.com
Various database configuration information leaks
Multiple databases can be connected
Svn Password
Root permission Intranet
Many redis instances in the Intranet are not authorized for access. You can use ssh-key to penetrate into the Intranet without further testing.
Http: // 120.197.138.35/will jump to http://book.easou.com/
Jdwp command execution vulnerability in port 9999
Http: // 120.197.138.35: 8080/port resin
You can remotely deploy the shell using the resin path.
Http: // 120.197.138.35: 8080/resin-doc/shell. jsp
Easou.com
Various database configuration information leaks
Multiple databases can be connected
Svn Password
Root permission Intranet
Many redis instances in the Intranet are not authorized for access. You can use ssh-key to penetrate into the Intranet without further testing.
Solution:
Shut down unnecessary ports.