Nmap Development mailing list archives

NSE script: HTTP Internal IP Address Disclosure

From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Mon, 30 May 2016 13:12:06 +0300

I attached an NSE script that checks if the remote web server discloses its
internal IP address when sending an HTTP/1.0 request without a Host header.
While this is a common issue for certain unpatched versions of IIS, other
misconfigured web servers can be vulnerable a well.

- Josh

Attachment: http-internal-ip-disclosure.nse
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (May 30)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (May 30)
  - Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 01)
    - Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 07)
    - Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 08)
    - Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 09)
    - Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 09)