sullo / nikto

Nikto web server scanner

RFC1918 check #399

Closed digininja closed 8 years ago

digininja commented 8 years ago

Just had this come up and was wondering if it would be possible to add a check to see if the value really was an RFC1918 address rather than just saying "may reveal".

+ OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location header. The value is "http://213.1.2.3/default/400.html".
sullo commented 8 years ago

It's supposed to check it vs the host's name and IP. Does it resolve to multiple values or a different value?

digininja commented 8 years ago

The IP it reports matches what you detect as the IP here:

+ Target IP:          213.1.2.3.4
sullo commented 8 years ago

Can you see if https://github.com/sullo/nikto/commit/260778b291027b91af2a1890b6f1cb7fd82ffb82 fixes it? I think it should. It was a different bit that checked for an internal vs same IP, which this should have done as well.

digininja commented 8 years ago

That fixed it.

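The check the thread asks for, as an added example that is not nikto's own code (nikto is written in Perl; this is a stand-alone Python illustration): compare the host in a Location header against the scanned target's IP and hostname, and only flag it when it is an RFC1918 address or some other address that differs from the target. The target address and header values are constructed sample data; how the referenced commit actually implements the comparison is not shown in the thread, so this is an assumption about the intended logic.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC1918 private ranges, spelled out rather than using is_private, which
# also matches loopback, link-local and other non-RFC1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_location(target_ip, location, target_host=None):
    """Classify the host part of a Location header relative to the scanned target.

    Returns one of:
      'none'     - relative Location, no host to inspect
      'same'     - host equals the target IP or the target hostname (no finding)
      'rfc1918'  - host is an RFC1918 address (internal IP disclosure)
      'other-ip' - host is a different, non-RFC1918 IP (possible disclosure)
      'hostname' - host is a name that differs from the target hostname
    """
    host = urlsplit(location).hostname  # strips scheme, port, path, brackets
    if not host:
        return "none"
    if target_host and host.lower() == target_host.lower():
        return "same"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if addr == ipaddress.ip_address(target_ip):
        return "same"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "other-ip"


def location_findings(target_ip, headers, target_host=None):
    """Return finding strings only for Location values that actually differ
    from the target, so a redirect to the target's own public IP is silent."""
    findings = []
    for value in headers.get("Location", []):
        kind = classify_location(target_ip, value, target_host)
        if kind == "rfc1918":
            findings.append(f"Location header reveals an RFC1918 internal IP: {value}")
        elif kind in ("other-ip", "hostname"):
            findings.append(f"Location header points at a different host: {value}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the case from the thread should produce no finding.
    sample = {"Location": ["http://213.1.2.3/default/400.html", "http://10.1.2.3:8080/x"]}
    print(location_findings("213.1.2.3", sample))
```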