Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: IIS Internal IP Address Disclosure (#NISR05032002B)
From: "David Litchfield" <david () nextgenss com>
Date: Wed, 6 Mar 2002 11:22:23 -0000

Yes - this was noted in the description of the problem. 

Please note that the "workaround" has been documented in KB article
Q218180 
(http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&ID=KB;
EN->US;Q218180) 
and has been discussed and referenced in the IIS4 and IIS5 security 
checklists (since June 2000.)



At 05:58 PM 3/5/2002 +0000, David Litchfield wrote:
NGSSoftware Insight Security Research Advisory

Name:                   Internal IP Addresses and IIS
...SNIP...
them formulate further attacks. This issue is similar to the issue
documented at
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&id=KB;
EN
-US;Q218180


The details of this advisory discuss several other ways of getting the
IP address. The MS KB article discusses the Content-Location HTTP
header. This only happened if the default page was static in nature
(i.e. not an asp page). Many people may have neglected to use this
workaround as they do not use static content, thinking that, because of
this they weren't vulnerable.

As the advisory shows though there are many ways to get this
information. There will probably be more.

Cheers,
David Litchfield


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]