From b3a88696ef71fc8bc23e55c9e095fe1b5f3fb426 Mon Sep 17 00:00:00 2001
From: batrick
Date: Thu, 9 Jun 2016 12:25:19 +0000
Subject: [PATCH] Revert "NSE: make minor adjustments to script"
This reverts commit 317eb0de31f40454cd213296e6cee71c1f78e006.
This commit started as a way to fix perceived problems but eventually I found the script worked correctly (I had a misunderstanding of the purpose). I kept the small changes but ended up breaking the script anyway. So let's just revert this.
---
 scripts/http-internal-ip-disclosure.nse | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/scripts/http-internal-ip-disclosure.nse b/scripts/http-internal-ip-disclosure.nse
index b82b6feb1..27e41e34f 100644
--- a/scripts/http-internal-ip-disclosure.nse
+++ b/scripts/http-internal-ip-disclosure.nse
@@ -33,7 +33,7 @@ categories = { "vuln", "discovery", "safe" }
 portrule = shortport.http
 local function generateHttpV1_0Req(host, port, path)
- local privateIP
+ local redirectIP, privateIP
 local socket = nmap.new_socket()
 socket:connect(host, port)
@@ -47,23 +47,25 @@ local function generateHttpV1_0Req(host, port, path)
 end
 -- Check if the response contains a location header
- local location = lines:match("Location: ([%a%p%d]+)")
- if location then
- stdnse.debug1("Location: %s", location)
-
+ if lines:match("Location") then
+ local locTarget = lines:match("Location: [%a%p%d]+")
 -- Check if the redirect location contains an IP address
- if ipOps.isPrivate(location) then
- privateIP = location
- stdnse.debug1("Internal IP: %s", privateIP)
- break
+ redirectIP = locTarget:match("[%d%.]+")
+ if redirectIP then
+ privateIP, _ = ipOps.isPrivate(redirectIP)
 end
+
+ stdnse.debug1("Location: %s", locTarget )
+ stdnse.debug1("Internal IP: %s", redirectIP )
 end
 end
 socket:close()
 -- Only report if the internal IP leaked is different then the target IP
- return privateIP
+ if privateIP and redirectIP ~= host.ip then
+ return redirectIP
+ end
 end
 action = function(host, port)
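Review bot: `locTarget` can be nil when `redirectIP = locTarget:match("[%d%.]+")` runs, because the guard `lines:match("Location")` is looser than the pattern that fills it: a response containing the word without the exact `Location: ` form (for example `Location:` with no following space) passes the guard. Indexing nil raises an error, and that path also skips the `socket:close()` further down. Since the response text comes from the scanned server, I would guard on the captured value itself, `local locTarget = lines:match("Location: [%a%p%d]+")` followed by `if locTarget then`. Separately, `[%d%.]+` takes the first run of digits or dots in the header, which for a hostname-based URL is a lone `.` that then gets logged as "Internal IP"; a dotted-quad pattern such as `%d+%.%d+%.%d+%.%d+` would be tighter. The loop that encloses this block starts outside the hunk.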