What is IP Address Disclosure?
It is usually a bullshit “vulnerability” that firms will mention if they can’t find anything else to report.
How do you fix it without wasting 10 years of your time?
First, we need to find the site IDs for all the websites on a given Windows server (I am assuming Windows Server 2003 here). Create the batch file c:\admin\list_site_ids.bat (you can mkdir c:\admin if you don’t have it) to grab the site IDs and write them to a file called site_ids.txt. Here are the batch file contents:

```bat
@ECHO READY
@echo Script starting
REM iisweb.vbs has to run under cscript; /query lists every site with its metabase path (W3SVC/id)
cscript //nologo %SystemRoot%\System32\iisweb.vbs /query >> C:\admin\site_ids.txt
@echo Script complete
pause
```
You can then write a batch file that uses the adsutil.vbs utility on the server to set the ‘SetHostName’ property for a site, so that the server answers with a text host name rather than divulging an internal IP address:
*Don’t forget to replace (id of site) with an ID from site_ids.txt*
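```bat
@ECHO READY
REM adsutil.vbs lives in the IIS AdminScripts folder
cd /d C:\Inetpub\AdminScripts
@ECHO STARTING SCRIPT
REM Replace (id of site) with a site ID from site_ids.txt
cscript adsutil.vbs set w3svc/(id of site)/SetHostName www.mysite.com
pause
@ECHO SCRIPT COMPLETED
```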
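The two steps above can be combined so that no site ID has to be copied by hand. The following batch file is an added example, not part of the original post; it assumes that each site line printed by `iisweb.vbs /query` contains the metabase path in the form `(W3SVC/id)`, that site names contain no parentheses, and that one host name (the hypothetical `PUBLIC_HOST` value) is right for every site on the server.

```batch
@echo off
REM Added example: set SetHostName on every site that iisweb.vbs /query lists,
REM then read the value back so the change can be confirmed.
REM Assumption: data lines look like  "Default Web Site (W3SVC/1)   STARTED ALL 80 N/A"
setlocal

REM Hypothetical placeholder; use the public name of your own server.
set PUBLIC_HOST=www.mysite.com

cd /d C:\Inetpub\AdminScripts

REM findstr keeps only lines that carry a metabase path (drops the header and ruler).
REM delims=() splits the line at the parentheses, so token 2 is "W3SVC/<id>".
for /f "tokens=2 delims=()" %%P in ('cscript //nologo %SystemRoot%\System32\iisweb.vbs /query ^| findstr /C:"(W3SVC/"') do (
    echo Setting SetHostName on %%P
    cscript //nologo adsutil.vbs set %%P/SetHostName %PUBLIC_HOST%
    REM Read the property back; the output should show PUBLIC_HOST.
    cscript //nologo adsutil.vbs get %%P/SetHostName
)

endlocal
pause
```

If sites on the server answer under different public names, run the single-site command from the post for each of them instead of relying on one shared value.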