Alibabacloud.com offers a wide variety of articles about intranet messaging system, easily find your intranet messaging system information here online.
Incorrect configuration of a system in caoxin capital results in the Intranet access of the Getshell server.
If the system is improperly configured, The getshell server can access the Intranet.
Address: http: // 123.57.91.68/level2.jsp? Caid = 002
Improper jboss ConfigurationHttp: // 123.57.91.68/web-console
Getshell
Getshell (intranet penetration allowed) caused by SQL Injection in a system of Shenzhen Airlines)
Http://ecargo.shenzhenair.com: 23454/login. aspx
First, the verification code has a vulnerability. The verification code is reused.After obtaining a verification code, you can submit it all the time without obtaining it again.An error is reported when the user name is submitted in single quotes.Saving the post
Getshell (involving the core network segments of the Intranet and Credit System)
One of you has eight individual credit card licenses in China. In the credit investigation regulations, the license can be revoked for violation or leakage of information twice.A credit investigation institution that operates an individual's credit investigation business shall comply with the company's establishment conditions
Midea Supply Chain Management System (formal environment) has command execution. getshell can roam 53 machines through the Intranet.
A lot of Intranet machines
Http: // 202.104.30.80: 8000/Http: // 202.104.30.80/
JAVA deserialization VulnerabilityGet shellHttp: // 202.104.30.80: 8000/uddiexplorer/css. jspInvolves multiple systems
Detect IntranetHttp: // 202.104
Levision video conferencing system can be injected with shell and Intranet.
Blind SQL Injection exists in the letv Video Conferencing System. Attackers can use SQL injection to directly write the shell.It seems that this meeting system has just been launched?In the current environment, you can access the
A provincial O M system of China Mobile has blind injection and getshell (a large number of employees/basic devices/authorizable Intranet)
Blind injection is really slow
Http ://
Mask Region
1.://**.**.**/NMMP/
Forgot passwordMobile =Oracle time blind Injection
POST /NMMP/resetpwdAction!checkAccountAndMobile.ilf HTTP/1.1Host:
Mask Region
1.://**.**.**
Proxy-Connection: keep-al
Still started the original title name (see http://www.linuxidc.com/Linux/2009-12/23516.htm), today in looking for the Intranet Ubuntu system update solution, saw a post on the site, very excited. You can take a look and find that the apt-proxy stuff is no longer in the Ubuntu (LTS) release version, it seems that this post is a little behind the trend. I checked the information. appro is currently available
The Getshell of a Project System of Beijing Telecom has been added to the Intranet (you can view the information about the entire company's devices/project information leakage)
--
Defect address: http: // 59.41.46.167: 8122 -- this is Sichuan BranchOpened many ports
The secret password is 123456 getshell
Socks5 inbound Intranet
In the same network segm
Intranet DNS SystemFunction: Resolve intranet domain name and Dns-cacheSoftware: DNSMASQOne. InstallationYum-y Install DNSMASQTwo. Server Configuration1.vi/etc/resolv.conf using the DNSMASQ server when querying domain names locallyNameServer 127.0.0.12.vi/etc/dnsmasq.confRESOLV-FILE=/ETC/DNSMASQ.RESOLVCONF Specifies the DNS server files read from the upper layerno-hosts specifies that the
Intranet system,
Service-Side Php+mysql
The value of the Data table field is written in PHP to make a judgment, the normal hint of the same number can not be repeated insert data, but sometimes when the operation was clearly submitted only once, but found that the same time and the same second write two.
The warrior knows what's going on.
Reply to discussion (solution)
It's probably a two-time commit
Tags: remote remote connection term interface author step environment Rest IntranetFirst, the tool preparation:1. Intranet virtual Machine Ubuntu12.04 system host one, open port: 299992. Remote connection software: MobaxtermSecond, the opening step:1. View Port status information:Netstat-antl | grep 29999 found 29999 ports in listening state3. Configure Sshd_config to set the default port 22 to 29999, if yo
A weak service password in a business management system of Guohua life insurance caused getshell to be accessible to the Intranet.
China Life Insurance Business Management System address: http: // 59.151.39.85/pre/The system uses weblogic middleware and has a weak password weblogic/weblogicUse weblogic getshellOne-sent
Well, I want to use some testing machines of the reported vulnerabilities to see where they can penetrate. As a result, Netease has various internal systems, various servers, and various vulnerabilities ......Detailed Description: Then the above: http://www.bkjia.com/Article/201208/151524.html for testing.The information obtained from the cracked email address and internal forum is as follows:1. SVN, Development Resource Platform, and corporation OA addresses, but can only be accessed from inter
An old system in Qijia, GETSHELL, to the Intranet
No highlights
Access:Http://chajian.jia.com/kaoshi/I don't know what the system is.Then openHttp://chajian.jia.com/kaoshi/admin/Admin-> adminFruitless.Later I looked at Qijia's vulnerability and found that no attempt was made for weak passwords of 123456. Then I tried it.The logon is successful.Because at first I
A system patch is not timely, causing shell execution to threaten 84 Intranet hosts.
If the patch is not timely, can the command be executed at a high level?
Address: http: // 218.89.135.237: 9000/hd/
This is the windows system s2-005 Command Execution
Column directory
Files can be uploaded.
Http: // 218.89.135.237: 9000/wpp. jsp
Shell:Http: // 218.89.135.23
A command execution vulnerability in a system of huatai insurance threatens the Intranet.
Command Execution
System address:Http: // 219.141.242.62/huataiwechart/index_neu.jsp
Address: Where did the customer come from? huatai property insurance public account
http://219.141.242.62/huataiwechart/tmp/checkcodeClaim
Target: http://219.141.242.62/huataiwechart/tmp/c
Qiangzhi educational administration system kills Getshell (Elevation of Privilege server Intranet penetration)
File: unzip GL \ jcxx \ savetofile. asp
Use exp:
Directly use exp.html to upload any file. The server has almost the sa permission, and the elevation of permission is complete.
Configuration file:
Conn \ connstring. asp
Server Self-carried Serv-U Exec> Elevation of Privilege.
As you can see
or the original title name, today in the intranet Ubuntu system to update the scheme, see the site on a post, is very excited. Can take a look but found that this apt-proxy is not in the Ubuntu 12.04 (LTS) release version, it seems that this post is a bit not keep up with the kind of trend. Check the data, the current release version provides the approx. The official description is as follows:
Approx is a
# Conn 0 AVG Conn Time 0.00msBased on the above output, I just need to be ssh -p 2244 [emailprotected] able to connect 客户端1 the computer on client 2.By default, ngrok the forwarding port is random, if you want to pin, edit ~/.ngrok , add the chan
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.