Metasploit mailing list archives

Re: dir_scanner module


From: "Hendrik Bäcker" <andurin () process-zero de>
Date: Tue, 5 Oct 2010 17:00:00 +0200

Hi,

Don't know if it might be interesting for the dir_scanner but the thing Alfonso said is, in some cases, more
interesting when inspecting the response header against private IP addresses like 10.*, 192.168.* and so on.
Misconfigured BEA webservers leak those fragments like some actual IIS (there was a BID against IIS 4 but nowadays it
might be less a bug and more a misconfiguration).

If someone says it's interesting enough I would try to send a patch.

Any comments?

-
Hendrik

alfonso caponi <alfonso.caponi () gmail com> wrote on 05.10.2010 09:21:

Hi,

using the dir_scanner module (svn version) during a pen-test I've
noticed that in some cases it is different to make a GET with a "/" at the
end.

For example, during a pen-test versus an IIS server (Microsoft-IIS/6.0 ( Powered by ASP.NET )) requests for
/document/ return 404 and for /document return 301 (and it can be visible to the users).

Could you add this check to the module?

Thank you very much,
AL


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
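
The header check Hendrik describes, as an added example that is not part of the original thread and is not Metasploit code: plain Ruby that audits the header block of a captured HTTP response for RFC 1918 addresses. It goes slightly beyond the post by also covering 172.16.0.0/12; the name `private_ip_leaks` and the sample response are constructed for illustration.

```ruby
require 'ipaddr'

# RFC 1918 ranges: the "10.*, 192.168.* and so on" from the post, plus 172.16/12.
PRIVATE_RANGES = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |c| IPAddr.new(c) }.freeze

# Dotted-quad candidates; lookarounds avoid matching inside longer digit/dot runs.
IPV4_CANDIDATE = /(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])/

# Constructed sample: a 301 for a directory request whose Location exposes an internal host.
SAMPLE_RESPONSE = <<~HTTP
  HTTP/1.1 301 Moved Permanently
  Server: Microsoft-IIS/6.0
  Location: http://192.168.10.25/document/
  Content-Type: text/html

  body text mentioning 10.1.1.1 is not a header and is ignored
HTTP

# Returns [[header_name, ip], ...] for each private IPv4 address in a header value.
def private_ip_leaks(raw_response)
  head = raw_response.split(/\r?\n\r?\n/, 2).first.to_s
  lines = head.split(/\r?\n/)
  lines.shift # drop the status line
  leaks = []
  lines.each do |line|
    name, value = line.split(':', 2)
    next if value.nil? # folded or malformed line
    value.scan(IPV4_CANDIDATE).each do |candidate|
      begin
        ip = IPAddr.new(candidate)
      rescue IPAddr::Error
        next # e.g. an octet above 255
      end
      leaks << [name.strip, candidate] if PRIVATE_RANGES.any? { |r| r.include?(ip) }
    end
  end
  leaks.uniq
end

private_ip_leaks(SAMPLE_RESPONSE).each { |name, ip| puts "#{name}: #{ip}" } if __FILE__ == $PROGRAM_NAME
```

Run against responses from your own servers, a non-empty result points at a header (often `Location` on a directory redirect) that needs a configured public host name.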
