Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

IIS leaks Internal IP, Again (already reported)

From: "wirepair" <wirepair () roguemail net>
Date: Tue, 21 Oct 2003 08:53:41 -0700
Sorry folks I just searched a bit more and saw this was reported by e-Syngeries in 2001. Is the Content-Location bug fixed by default but you still need to follow the steps outlined in http://support.microsoft.com/default.aspx?scid=kb;en-us;Q218180&sd=tech? A sp3 win2k box running iis 5 didn't reveal the ip in content-location but did when doing the /dir trick. Only after i set UseHostName 
did it stop revealing the internal ip.
Sorry,
-wire
--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf
Previous By Date Next
Previous By Thread Next

Current thread: