Penetration Testing mailing list archives
Re: Rational Requisite Web shows location of projects in html
From: Mads Rasmussen <mads () cit com br>
Date: Tue, 31 Jul 2001 10:00:12 -0300
On Monday 30 July 2001 21:06, you wrote:
By in front, do you mean they are using a reverse proxy to relay requests to the IIS server? Definitely an interesting approach to security, seems you should be able to exploit unicode through it though, maybe I will set one up here and try it.
Yes, they have an entrance in the Apache httpd.conf like this:

#
# http://reqweb.bla.com.br/
#
Listen 200.xx.xx.x:80
<VirtualHost efactory.bla.com.br:80>
    ServerAdmin webmaster () bla com br
    DocumentRoot /home/www/reqweb
    ServerName reqweb.bla.com.br
    ErrorLog logs/reqweb-error_log
    TransferLog logs/reqweb-access_log
    Options FollowSymLinks
    ProxyRemote * http://200.xx.xx.yy:81/
    ProxyPass /reqweb http://reqweb.bla.com.br/reqweb
    ProxyPassReverse /reqweb http://reqweb.bla.com.br/reqweb
</VirtualHost>

As you can see, the 200.xx.xx.yy has a reverse proxy on port 81.

Just I am not really confident that something might pass through. You're the only one that responded; have any ideas as to what tests to run?

Regards,
Mads
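An added example, not part of the original post: a defender-side scan of the proxy's access log (the TransferLog file in the configuration above) for request paths carrying overlong UTF-8, percent-encoded dot-dot segments, or double encoding, with the status the proxy returned. It assumes Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format (assumed here; it is the default for Apache's TransferLog).
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')

# Constructed sample lines using documentation addresses, not data from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [31/Jul/2001:10:01:02 -0300] "GET /reqweb/index.html HTTP/1.0" 200 1843
192.0.2.44 - - [31/Jul/2001:10:03:15 -0300] "GET /reqweb/..%c0%af../docs HTTP/1.0" 404 207
192.0.2.44 - - [31/Jul/2001:10:03:16 -0300] "GET /reqweb/%2e%2e/%2e%2e/docs HTTP/1.0" 400 226
192.0.2.10 - - [31/Jul/2001:10:04:40 -0300] "GET /reqweb/report%20q3.html HTTP/1.0" 200 5120
""".splitlines()

def overlong_utf8(data):
    """True if data holds a non-shortest-form (overlong) UTF-8 sequence."""
    pairs = zip(data, data[1:] + b"\x00")
    return any(b in (0xC0, 0xC1)                      # 2-byte form of an ASCII char
               or (b == 0xE0 and 0x80 <= n <= 0x9F)   # 3-byte form of < U+0800
               or (b == 0xF0 and 0x80 <= n <= 0x8F)   # 4-byte form of < U+10000
               for b, n in pairs)

def classify(path):
    """Return the reasons a raw request path looks like an encoded traversal."""
    raw = path.split("?", 1)[0]
    decoded = unquote_to_bytes(raw)          # decode once, as a server would
    reasons = []
    if overlong_utf8(decoded):
        reasons.append("overlong-utf8")
    if "%" in raw and b".." in re.split(rb"[/\\]", decoded):
        reasons.append("encoded-dotdot")     # ".." segment produced by decoding
    if re.search(r"%25[0-9a-fA-F]{2}", raw):
        reasons.append("double-encoded")     # "%25xx" decodes to another escape
    return reasons

def scan(lines, prefix="/reqweb"):
    """Return (client, path, status, proxied, reasons) per suspicious request."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        reasons = classify(m.group(2)) if m else []
        if reasons:
            client, path, status = m.groups()
            # proxied: the path falls under the ProxyPass prefix from the config
            hits.append((client, path, int(status), path.startswith(prefix), reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request with a 2xx or 3xx status under the proxied prefix is the case to follow up on the backend's own logs.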