Nmap Development mailing list archives
NSE script: HTTP Internal IP Address Disclosure
From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Mon, 30 May 2016 13:12:06 +0300
I attached an NSE script that checks if the remote web server discloses its internal IP address when sending an HTTP/1.0 request without a Host header. While this is a common issue for certain unpatched versions of IIS, other misconfigured web servers can be vulnerable a well. - Josh
Attachment:
http-internal-ip-disclosure.nse
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (May 30)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (May 30)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 01)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 07)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 08)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 09)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 09)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 01)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (May 30)