Results 1 to 4 of 4

6.0 HTTP 401 Response Internal IP Disclosure

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

December 2nd, 2005, 06:34 PM #1
warl0ck7

View Profile

View Forum Posts

Visit Homepage
Senior Member

Join Date

Jun 2003

Posts

188
Microsoft IIS 5.0/51./6.0 HTTP 401 Response Internal IP Disclosure

Microsofts IIS 5.0/5.1/6.0 Web servers seem to disclose their internal ip, when giving
a 401 HTTP response take a loook.

[11:05 PM ~]#nc -vv 127.0.0.1 267
localhost [127.0.0.1] 267 (?) open
OPTIONS / HTTP/1.0

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="172.20.0.79"
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sun, 06 Nov 2005 17:39:09 GMT
Connection: close

The basic realm is set to the internal IP

NOTE: Don't fret on the port 267 thing, the whole thing is through sslproxy.

http://i12.photobucket.com/albums/a2...l0ck9/Sig5.gif
Reply With Quote

Quick Navigation Microsoft Security Discussions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Microsoft IIS 5.0/51./6.0 HTTP 401 Response Internal IP Disclosure

Thread Tools

Display

Threaded View

Microsoft IIS 5.0/51./6.0 HTTP 401 Response Internal IP Disclosure

Posting Permissions