Nmap Development mailing list archives
Re: NSE script: HTTP Internal IP Address Disclosure
From: Patrick Donnelly <batrick () batbytes com>
Date: Thu, 9 Jun 2016 08:25:52 -0400
On Thu, Jun 9, 2016 at 5:21 AM, Josh Amishav-Zlatin <jamuse () gmail com> wrote:
On Thu, Jun 9, 2016 at 2:20 AM, Patrick Donnelly <batrick () batbytes com> wrote:Josh, I'm planning to merge your script with a few minor modifications soon. Right now I'm fighting with cloning nmap with git+svn (been a while since I've committed!).Hi Patrick, Thanks for committing. Unfortunately some of the minor modifications broke the script. Specifically, the 'location' variable now contains the entire URL (e.g. https://10.40.0.17/images) and not just the internal IP, thus the ipOps.isPrivate() check fails. The previous version worked properly because parsed out the IP address from the Location response header into the 'redirectIP' variable and used that in to ipOps.isPrivate() check.
Sorry for the trouble Josh, I reverted that commit. -- Patrick Donnelly _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (May 30)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (May 30)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 01)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 07)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 08)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 09)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (Jun 09)
- Re: NSE script: HTTP Internal IP Address Disclosure Josh Amishav-Zlatin (Jun 01)
- Re: NSE script: HTTP Internal IP Address Disclosure Patrick Donnelly (May 30)