Re: IIS Internal IP disclosure

From: Renaud Deraison (deraisonat_private)
Date: Wed Feb 26 2003 - 07:19:19 PST

  • Next message: Renaud Deraison: "Re: Send control character in telnet from NASL?"

    On Tue, Feb 25, 2003 at 06:33:35PM -0800, Alex Zimin wrote:
    > Re-submitting the plugin - fixed minor script error.
    >    if ("Location: " >< resultrecv)
    >    {
    
    Your script will false positive on any host that has a redirection set
    for the main page (ie: many) - you should at least make sure the
      Location: field shows an IP adress. 
    
    
    I fail to see the difference with iis_nat.nasl though. Redirections
    exist, they're not a security flaw per se.
    
    
    				-- Renaud
    



    This archive was generated by hypermail 2b30 : Wed Feb 26 2003 - 07:19:18 PST