From robin at digi.ninja Wed Feb 17 03:13:57 2016
From: robin at digi.ninja (Robin Wood)
Date: Wed, 17 Feb 2016 09:13:57 +0000
Subject: [Nikto-discuss] internal IP not pulled out

I've just run a scan and in the results got 18 copies of this issue
for one of the IPs:

+ OSVDB-630: GET Microsoft Exchange Systems (CAS and OWA) may reveal
their internal or real IP in the WWW-Authenticate header via a request
over HTTP/1.0. The value is "".

Looking in the save file the internal IP is there:

HTTP/1.1 401 Unauthorized
content-type: text/html
server: Microsoft-IIS/7.0
www-authenticate: Basic realm="10.2.0.18"
x-powered-by: ASP.NET
date: Tue, 16 Feb 2016 16:51:21 GMT
connection: keep-alive
content-length: 1293

The repeated results are caused by it hitting 18 different directories
which I think is a good idea but I think it should de-duplicate the
results so there is only a single issue raised if they all match.

Robin

From csullo at gmail.com Wed Feb 24 00:10:03 2016
From: csullo at gmail.com (Sullo)
Date: Wed, 24 Feb 2016 01:10:03 -0500
Subject: [Nikto-discuss] internal IP not pulled out

Robin--

Thanks for pointing this out--finally got a chance to take a look at
it. I've committed some changes to report the correct header when it's
in www-authenticate (which is why it was blank) and also only alert 1
time for each of the 3 possible headers. So at max you could have 3
reports if your target had all 3 issues, which seems unlikely.

Please test if you can to see if this resolves it.

-Sullo

--
http://www.cirt.net | http://rvasec.com/

From robin at digi.ninja Wed Feb 24 04:44:37 2016
From: robin at digi.ninja (Robin Wood)
Date: Wed, 24 Feb 2016 10:44:37 +0000
Subject: [Nikto-discuss] internal IP not pulled out

That fixed it.

Thanks

Robin
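
The behaviour discussed in this thread (pull the address out of the header that actually carries it, and raise one finding per header however many directories return it), sketched in Python as an added example; it is not Nikto's code and not part of the original messages. The header list, the function names and the directory paths are assumptions, since the thread says only that there are three possible headers.

```python
import ipaddress
import re

# Assumed header set for this sketch; the thread only says there are three.
CHECKED_HEADERS = ("www-authenticate", "location", "content-location")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_ips(value):
    """Return the distinct RFC 1918 addresses in a header value, in order."""
    found = []
    for candidate in IPV4.findall(value):
        try:
            addr = ipaddress.IPv4Address(candidate)
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        if any(addr in net for net in RFC1918) and candidate not in found:
            found.append(candidate)
    return found

def parse_headers(raw):
    """Map lower-cased header names to their values from a raw response."""
    headers = {}
    for line in raw.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def findings(responses):
    """One entry per (header, ip); the value lists every path that showed it."""
    seen = {}
    for path, raw in responses:
        headers = parse_headers(raw)
        for name in CHECKED_HEADERS:
            for value in headers.get(name, []):
                for ip in private_ips(value):
                    seen.setdefault((name, ip), []).append(path)
    return seen

# Constructed sample: the 401 from the thread, returned by 18 made-up paths.
SAMPLE = ("HTTP/1.1 401 Unauthorized\r\nserver: Microsoft-IIS/7.0\r\n"
          'www-authenticate: Basic realm="10.2.0.18"\r\n\r\n')
RESPONSES = [("/dir%d/" % i, SAMPLE) for i in range(18)]

if __name__ == "__main__":
    for (header, ip), paths in findings(RESPONSES).items():
        print("%s discloses %s (seen on %d paths)" % (header, ip, len(paths)))
```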