Metasploit mailing list archives
Re: dir_scanner module
From: "Hendrik Bäcker" <andurin () process-zero de>
Date: Tue, 5 Oct 2010 17:00:00 +0200
Hi,

Don't know if it might be interesting for the dir_scanner but the thing Alfonso said is, in some cases, more interesting when inspecting the response header against private IP addresses like 10.*, 192.168.* and so on. Misconfigured Bea Webservers leak those fragments like some actual IIS (there was a BID against IIS 4 but nowadays it might be less a bug and more a misconfiguration).

If someone says it's interesting enough I would try to send a patch.

Any comments?

- Hendrik

alfonso caponi <alfonso.caponi () gmail com> wrote on 05.10.2010 09:21:

> Hi,
>
> using dir_scanner module (svn version) during a pen-test I've noticed that in some cases it is different to make a GET with a "/" at the end. For example, during a pen-test versus an IIS server (Microsoft-IIS/6.0 ( Powered by ASP.NET )) requests for /document/ return 404 and for /document return 301 (and it can be visible to the users). Could you add this check to the module?
>
> Thank you very much,
> AL
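
The header check proposed in this message, as an added example for auditing your own servers; it is not code from the thread or from the Metasploit dir_scanner module. The function names and both sample responses are constructed for illustration, and the private ranges are taken to be the RFC 1918 blocks.

```ruby
require 'ipaddr'

# RFC 1918 ranges (the "10.*, 192.168.* and so on" from the message).
PRIVATE_NETS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
               .map { |net| IPAddr.new(net) }.freeze

# Dotted quad that is not part of a longer dotted number.
IPV4_CANDIDATE = /(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])/

# Split the header section of a raw HTTP response into [name, value] pairs.
def parse_headers(raw)
  head = raw.split(/\r?\n\r?\n/, 2).first.to_s
  lines = head.split(/\r?\n/)
  lines.shift # drop the status line
  lines.map do |line|
    name, value = line.split(':', 2)
    [name.strip, value.strip] if value
  end.compact
end

# True only for a syntactically valid IPv4 address inside a private range.
def private_ipv4?(text)
  ip = IPAddr.new(text)
  ip.ipv4? && PRIVATE_NETS.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false # e.g. 999.1.1.1 matches the regex but is not an address
end

# Report every header value that discloses a private address.
def private_ip_leaks(raw)
  parse_headers(raw).flat_map do |name, value|
    value.scan(IPV4_CANDIDATE)
         .select { |candidate| private_ipv4?(candidate) }
         .map { |addr| { header: name, address: addr } }
  end
end

# Constructed samples: a redirect that leaks an internal host, and a clean
# response whose body (not its headers) mentions a private address.
SAMPLE_301 = "HTTP/1.1 301 Moved Permanently\r\nServer: ExampleServer\r\n" \
             "Location: http://192.168.10.25/document/\r\nContent-Length: 0\r\n\r\n"
SAMPLE_200 = "HTTP/1.1 200 OK\r\nServer: ExampleServer\r\n" \
             "Content-Location: http://203.0.113.7/index.html\r\n\r\nbackend 10.1.2.3\r\n"

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_301, SAMPLE_200].each { |resp| p private_ip_leaks(resp) }
end
```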