Leakage of sensitive information in the market leads to intranet roaming
I read two articles about the vulnerabilities in the market on wooyun, in the spirit of professionalism.
I scanned the market again and found that there were still more than N weak accounts.
I randomly picked one and checked it out. I found that the Technical Department of the market network was still very diligent and reminded me, and forced the weak passwords of many employees to be voided. The Weakest link was the personnel, especially when there are too many people.
I will not reveal the specific accounts, and save the effort to make these employees suffer unnecessary troubles. Your IT department should re-check the accounts with weak passwords and make mandatory changes.
On WOOYUN, refer to the vulnerability:
WooYun: loose Account Control of an important system in Ganji results in leakage of a large amount of internal information (affecting multiple internal sites)
WooYun: multiple online systems (employee information/customer information/company qualification/call recording and other leaks)
The description in is clear, and the basic system of the account can be accessed.
I will cut a few pictures to prove that it has entered.
Supplement:
Enter the account: Username: liyingmin password: ganji @ 2014
Solution:
Check the password again and change the weak passwords.