Vulnerability Development mailing list archives
IIS leak internal IP, Again?
From: "wirepair" <wirepair () roguemail net>
Date: Tue, 21 Oct 2003 07:54:59 -0700
hi hi, I'm not sure this has been mentioned before but I was scanning a IIS 5.0 box and i noticed when I request a directorywhich has directory indexing disabled such as /pdf i get a different response than /pdf/. Now the reasoning is obvious (file vs dir); but whats interesting is that when I request /pdf/ I get the usual 403. But when I access /pdf I get $ nc www.iisweb.com 80
GET /pdf HTTP/1.0 HTTP/1.1 302 Object Moved Location: http://172.16.25.140/pdf/ Server: Microsoft-IIS/5.0 Content-Type: text/html Content-Length: 148 <head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="http://172.16.25.140/pdf/">here</a></ body> This is *not* the same content-location bug that used to exist. This seems entirely seperate because IIS is trying to forward you to the directory because you tried to access it as a file. Is this a configuration error? Can this be easily changed to not leak the internal ip? I'd be amazed if no one has caught this before.. But hey you never know. Thanks, -wire -- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf
Current thread:
- IIS leak internal IP, Again? wirepair (Oct 21)