[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IIS leak internal IP, Again?
I'm not sure this has been mentioned before but I was scanning a IIS 5.0 box and i noticed when I request a directory
which has directory indexing disabled such as /pdf i get a different response than /pdf/.
Now the reasoning is obvious (file vs dir); but whats interesting is that when I request /pdf/ I get the usual 403.
But when I access /pdf I get
$ nc www.iisweb.com 80
GET /pdf HTTP/1.0
HTTP/1.1 302 Object Moved
<body><h1>Object Moved</h1>This document may be found <a HREF="http://172.16.25.140/pdf/">here</a></
This is *not* the same content-location bug that used to exist. This seems entirely seperate because IIS is trying
to forward you to the directory because you tried to access it as a file. Is this a configuration error? Can this
be easily changed to not leak the internal ip? I'd be amazed if no one has caught this before.. But
hey you never know.
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.