You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Until now,For all versions, there are security risks in the add_link method in the class/Api.php file. As shown in the figure, when we set the url to the intranet IP, we can also access the title, introduction and other information of the web website, which will be in the link name. After obtaining the title of the web service,
if other services are enabled, such as the Elastic monitoring service, you can also add ports to see if other web services are enabled and detect intranet web service information.
The text was updated successfully, but these errors were encountered:
Until now,For all versions, there are security risks in the add_link method in the class/Api.php file. As shown in the figure, when we set the url to the intranet IP, we can also access the title, introduction and other information of the web website, which will be in the link name. After obtaining the title of the web service,
if other services are enabled, such as the Elastic monitoring service, you can also add ports to see if other web services are enabled and detect intranet web service information.
The text was updated successfully, but these errors were encountered: