Re: Rational Requisite Web shows location of projects in html

From: Mads Rasmussen (mads@cit.com.br)
Date: 07/31/01


Message-Id: <200107311259.f6VCxgP12827@cit.com.br>
From: Mads Rasmussen <mads@cit.com.br>
To: H D Moore <hdm@secureaustin.com>
Subject: Re: Rational Requisite Web shows location of projects in html
Date: Tue, 31 Jul 2001 10:00:12 -0300

On Monday 30 July 2001 21:06, you wrote:
> By in front, do you mean they are using a reverse proxy to relay requests
> to the IIS server? Definitely an interesting approach to security, seems
> you should be able to exploit unicode through it though, maybe I will set
> one up here and try it.

Yes

They have an entry in the Apache httpd.conf like this:

#
# http://reqweb.bla.com.br/
#
Listen 200.xx.xx.x:80
<VirtualHost efactory.bla.com.br:80>
ServerAdmin webmaster@bla.com.br
DocumentRoot /home/www/reqweb
ServerName reqweb.bla.com.br
ErrorLog logs/reqweb-error_log
TransferLog logs/reqweb-access_log
Options FollowSymLinks
ProxyRemote * http://200.xx.xx.yy:81/
ProxyPass /reqweb http://reqweb.bla.com.br/reqweb
ProxyPassReverse /reqweb http://reqweb.bla.com.br/reqweb
</VirtualHost>

As you can see, the 200.xx.xx.yy has a reverse proxy on port 81.

I am just not really confident that something might pass through. You're the
only one that responded; do you have any ideas as to what tests to run?

Regards,

Mads

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
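
Added example (not part of the original message and not Apache's own code): a Python helper that reads the proxy directives quoted in the message and reports, for a request path, whether Apache answers it from DocumentRoot or forwards it to the backend, and through which ProxyRemote hop. The matching rule (whole path segments, first ProxyPass wins) is a simplifying assumption, and the request paths used are constructed.

```python
# Constructed input: the proxy-related lines of the VirtualHost quoted in the message.
VHOST = """\
<VirtualHost efactory.bla.com.br:80>
DocumentRoot /home/www/reqweb
ServerName reqweb.bla.com.br
ProxyRemote * http://200.xx.xx.yy:81/
ProxyPass /reqweb http://reqweb.bla.com.br/reqweb
ProxyPassReverse /reqweb http://reqweb.bla.com.br/reqweb
</VirtualHost>
"""

def parse_directives(conf):
    """Return (name, args) pairs, skipping blank lines, comments and section tags."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        out.append((name.lower(), args))
    return out

def route(conf, path):
    """Describe where a request path ends up: local DocumentRoot or proxied backend."""
    directives = parse_directives(conf)
    # ProxyRemote <match> <remote-proxy>: match is '*', a scheme, or a partial URL.
    remotes = [(a[0], a[1]) for n, a in directives if n == "proxyremote"]
    for name, args in directives:
        if name != "proxypass":
            continue
        prefix, target = args[0], args[1]
        # Assumption: match on whole path segments; the first ProxyPass wins.
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            upstream = target + path[len(prefix):]
            via = next((r for m, r in remotes
                        if m == "*" or upstream.startswith(m)), None)
            return {"handled": "proxy", "upstream": upstream, "via": via}
    docroot = next((a[0] for n, a in directives if n == "documentroot"), None)
    return {"handled": "local", "upstream": None, "via": None, "docroot": docroot}

if __name__ == "__main__":
    # Constructed request paths, used to scope which URLs reach the backend.
    for p in ("/", "/reqweb", "/reqweb/some/page", "/reqwebx", "/other"):
        print(p, "->", route(VHOST, p))
```

Only paths under /reqweb are relayed to the backend in this configuration; everything else is served by Apache itself, which bounds what any test through the front end can reach.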


