Intro
The server reveals its internal IP address when specifying a WebDAV PROPFIND request. Method Issue a PROPFIND request with a HTTP v1.1 empty Host header: telnet example.com 80 Trying 123.123.123.123... Connected to example.com. Escape character is '^]'. PROPFIND / HTTP/1.1 Host: HTTP/1.1 302 Redirect Content-Length: 140 Content-Type: text/html Location: / Server: Microsoft-IIS/6.0 Date: Tue, 08 Jun 2010 07:05:08 GMT Document Moved Object Moved This document may be found here Recommendation Reconfigure IIS to return the FQDN value instead: http://support.microsoft.com/kb/q218180/ Refs OSVDB 13431 Comments are closed.
|
Archives
September 2017
Categories
All
|
|
|