I've been fiddling around with a bug bounty program, and noticed that if I omit the last "/" character on some of the pages (e.g. "www.target.com/blah"), the site responds with 307 Temporary Redirect, and in the body it has the original host domain (e.g. "www.target.com/blah/"). However, there's a single page that doesn't return the original host, but an internal domain ("foo.bar.local/blah/"). This got my interest.
Being a newcomer to this, I ask you: what could I do with this information? Is there some request headers I could try to access the internal service? Or can I somehow perform e.g. enumeration on that internal service?
Thanks a lot in advance!
EDIT: Oh, forgot to mention, I know for a fact that the target is running a Windows server (IIS 10.0), if that helps.
[link] [comments]
from hacking: security in practice https://ift.tt/2OYvHgp
Comments
Post a Comment