Message-ID: <50300000.1032549037@localhost>
From: pb at bieringer.de (Peter Bieringer)
Subject: Referrer log show some details about internal network

Hi,

sure not new, but an interesting kind of information disclosure of
an internal network:

http://192.168.***.***/exchange/*user1*/z_e-mails/noch_zu_erledigen/FW:%20Doku%20fertig:%20FreeS_xF8FF_WAN-RoadWarrior%20zu%20Check%20Point%20FW-1%20NG.EML?Cmd=open

http://192.168.***.***/exchange/*user2*/Inbox/FW:%20Doku%20fertig:%20FreeS_xF8FF_WAN-RoadWarrior%20zu%20Check%20Point%20FW-1%20NG.EML/1_text.htm?Security=2

Caused by an MS Exchange system?

Looks like proxies/firewalls should cut off referrers which are
pointing to internal for privacy issue ;-)

        Peter
---
Dr. Peter Bieringer
mailto: pb at bieringer dot de
http://www.bieringer.de/pb/
Key 0x958F422D : B501 24F4 9418 23E2 C0F3  F833 7B57 AA7B 958F 422D
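
The filtering suggested in the message above, sketched as an added example that is not part of the original post: an outbound proxy hook that drops the Referer header when it names an internal host and the request is going to an external one. The function names, the `INTERNAL_SUFFIXES` list and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: DNS suffixes used only inside the organisation (hypothetical).
INTERNAL_SUFFIXES = (".corp.example", ".internal")

def is_internal_host(host):
    """True for private/loopback/link-local IP literals and internal-only names."""
    if not host:
        return False
    host = host.strip("[]").rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names and internal suffixes are
        # only meaningful on the internal network.
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return ip.is_private or ip.is_loopback or ip.is_link_local

def scrub_referer(dest_url, headers):
    """Return a copy of headers without Referer when it would disclose an
    internal URL to an external destination."""
    out = dict(headers)
    key = next((k for k in out if k.lower() == "referer"), None)
    if key is None:
        return out
    try:
        ref_host = urlsplit(out[key]).hostname
        dest_host = urlsplit(dest_url).hostname
    except ValueError:
        del out[key]  # unparsable URL: fail closed and drop the header
        return out
    if is_internal_host(ref_host) and not is_internal_host(dest_host):
        del out[key]
    return out

if __name__ == "__main__":
    # Constructed sample modelled on the webmail URLs in the post.
    hdrs = {"Referer": "http://192.168.0.10/exchange/user1/Inbox/FW:%20Doku.EML?Cmd=open",
            "User-Agent": "sample"}
    print(scrub_referer("http://www.example.org/", hdrs))   # Referer removed
    print(scrub_referer("http://192.168.0.20/wiki", hdrs))  # Referer kept
```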