Web Server HTTP Header Internal IP Disclosure

Testing for this vulnerability follows essentially the same procedure as the previous one, but this time the GET request is sent to the root of the web server instead of to autodiscover.xml.

Connect to your Exchange server using OpenSSL as shown below.

openssl s_client -host host.domain.com -port 443

Once the OpenSSL session is established and waiting for input, paste and execute the following in the same terminal (a GET request for the root page of the web server).

GET / HTTP/1.0

Notice that the response helpfully reveals the internal IP address in the Location: header.
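As an added example (not part of the original page), the following Python script performs the same Host-less HTTP/1.0 request over TLS and checks whether the Location: header carries a private or link-local IP literal, so the finding can be verified, and later regression-checked after a fix, on your own server. The target host, port and the embedded sample response are assumptions or constructed data; a request with no Host header is what leads a server to build the redirect from its own binding address.

```python
import re
import socket
import ssl
import sys
from ipaddress import ip_address
# Constructed sample response (not captured from a real host) so the parser runs offline.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://192.168.10.25/owa/\r\n"
    "\r\n"
)
# Host part of a URL: bracketed IPv6 (group 1) or anything up to '/', ':', '?', '#' (group 2).
_URL_HOST = re.compile(r"^[a-z][a-z0-9+.-]*://(?:\[([^\]]+)\]|([^/:?#]+))", re.IGNORECASE)


def leaked_private_ip(raw_response: str):
    """Return the private or link-local IP literal found in a Location: header, else None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "location":
            continue
        m = _URL_HOST.match(value.strip())
        if not m:
            continue
        try:
            addr = ip_address(m.group(1) or m.group(2))
        except ValueError:
            continue                             # a hostname, not an IP literal
        if addr.is_private or addr.is_link_local:
            return str(addr)
    return None


def fetch_root_http10(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Send the page's Host-less 'GET / HTTP/1.0' over TLS and return the raw response."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                   # like openssl s_client: no cert validation,
    ctx.verify_mode = ssl.CERT_NONE              # we only inspect the headers that come back
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")  # the blank line terminates the request
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
    return b"".join(chunks).decode("latin-1")


if __name__ == "__main__":
    raw = fetch_root_http10(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    ip = leaked_private_ip(raw)
    print(f"internal IP disclosed: {ip}" if ip else "no internal IP literal in Location header")
```

Run it with your server's public host name as the first argument; with no argument it evaluates the constructed sample. A server that is fixed will redirect to its public FQDN, and the script reports no disclosure.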
