<body>

ns blog (na2sr)

brief notes ...

Intranet site accessible from the Internet

through a shell on underpaid, given to me by amen,
I idly ran dig and nslookup against the office domain,
then used lynx to try accessing it,
in case there was a default website

and then ... tsk tsk tsk

it turns out the admin did not set up the configuration properly,
so the intranet site can be reached using the global
IP

well well well
of course only a little of this info is shown here,
it would be trouble if someone exploited it