Howto: Fix Microsoft IIS Internal IP Address Disclosure Vulnerability With Scripts

June 24, 2010

What is  IP Address Disclosure?

It is usually a bullshit “vulnerability” that firms will mention if they can’t find anything else to report

http://www.securityfocus.com/bid/1499/discuss

How do you fix it without wasting 10 years of your time?

First, we need to find out the site IDs for all the websites on a given windows server (i am assuming windows server 2003 here). Create this batch file  c:\admin\list_site_ids.bat (you can mkdir  c:\admin if you don’t have it) to grab the site IDs and write them to a file called site_ids.txt.  Here is the batch file contents:

@ECHO READY
@echo Script starting
iisweb.vbs /query >> C:\admin\site_ids.txt
@echo Script complete
pause

You can then write a batch file to use the ‘SetHostName’ function of the adsutil.vbs utility on the server to make sure the host name is set to a text url rather than divulging an internal IP address:

*Don’t forget to replace (id of site) with an ID from site_ids.txt*

@ECHO READY
cd \
cd ..
cd \
c:
cd inetpub
cd AdminScripts
@ECHO STARTING SCRIPT
cscript adsutil.vbs set w3svc/(id of site)/SetHostName www.mysite.com
pause
@ECHO SCRIPT COMPLETED