Have you ever come across an internal IP address, that is, a private IP address, assigned to the systems of a multinational company? Today we are going to discuss Internal IP or Private IP address disclosure.
Can disclosure of an internal IP like 192.168.*.* or 172.16.*.* really have an impact? Most security researchers dismiss it as a "bullshit" vulnerability. But when it comes to calculating impact, even if the server is behind a firewall or NAT, an attacker can see the internal IP of the remote host, and this may be used to stage further attacks.
Internet giants like Facebook, Google and PayPal, and serious national security organizations like the FBI, the Pentagon and NASA, are taking initiatives on their security issues. At the same time, we at 'The Hacker News' stand together with organizations that take national security seriously.
I guess it is time to understand these flaws and their impact, so I would like to share my findings about our Internet giants and organizations.
Facebook - Internal IPv4 Address and Session Cookie Disclosure
Facebook spent $8.5 million to buy fb.com. According to many reports available on the Internet, "fb.com is for Facebook Internal Use Only".
Internal IP: 192.168.149.88
Session Cookie: Session cookie generation probably depends on administration from their admin panel located at https://newsroom.fb.com/admin/login.aspx?RefUrl=%2fadmin%2fdefault.aspx
PayPal - [ www.paypal.com & www.where.com ]
PayPal, being the largest in the e-banking business, has an internal IPv4 address and other server details disclosed while accessing one of its sub-domains.
Google - [ Server Path Disclosure ]
Recently, I came across an issue reported by a user on the Google Code website to Google team members of the modpagespeed project. mod_pagespeed is an open-source Apache module created by Google to help Make the Web Faster by rewriting web pages to reduce latency and bandwidth.
If you closely analyze the URL mentioned in the forum post you might hit an encoding error. But if you access the URL via Google Web-Cache (interesting part: using a Google service to retrieve information about other Google services):
Vulnerability: Server Path Disclosure
Steps to Reproduce: Access the Google Web-Cache URL.
Cron Job Info of Google Talk, Plugins and Google Chrome
/etc/cron.daily/google-chrome
/opt/google/chrome/PepperFlash/libpepflashplayer.so
/opt/google/chrome/chrome-sandbox
/opt/google/chrome/chrome.pak
/opt/google/chrome/chrome_100_percent.pak
/opt/google/chrome/default-app-block
Google Talk Plugin - Cron Job Info, Path Disclosed: Cache URL
google-talkplugin-3.10.2.0-1.src.rpm
/etc/cron.daily/google-talkplugin
Google Chrome - Cron Job Info, Path Disclosed: Cache URL
google-chrome-beta-24.0.1312.40-172509.src.rpm
/usr/bin/google-chrome/
etc/cron.daily/google-chrome
NASA
Internal IP and subnet mask disclosure in a publicly available file on the NASA FTP server (now deleted) can still be seen via Google cache.
Tata Consultancy Services
In the above screenshot we can easily find the Microsoft OLE DB provider information and the server's internal (private) IP address: 192.168.15.65.
This may disclose information about the IP addressing scheme of the internal network, which can be used to conduct further attacks.
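A defender-side check for this class of leak, added here as an example and not part of the original article: it scans an HTTP response's headers and body for RFC 1918 addresses, ignores public addresses, version strings and malformed dotted quads, and reports where each leak sits. The sample response is constructed for the demo; only the two addresses quoted above are taken from the article.

```python
import ipaddress
import re

# RFC 1918 private ranges; the addresses quoted in the article fall in the last one.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Dotted-quad candidates; the lookarounds stop a match inside longer digit runs
# or inside version strings such as 24.0.1312.40, which also appear on error pages.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def find_private_ips(text):
    """Return RFC 1918 addresses found in text as strings, in order, without duplicates."""
    found = []
    for m in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # looks like an IP (e.g. 999.1.1.1) but is not one
        if any(addr in net for net in RFC1918_NETS) and str(addr) not in found:
            found.append(str(addr))
    return found

def check_response(headers, body):
    """Scan response headers (dict) and body; return a list of (location, ip) findings."""
    findings = []
    for name, value in headers.items():
        findings.extend((f"header:{name}", ip) for ip in find_private_ips(value))
    findings.extend(("body", ip) for ip in find_private_ips(body))
    return findings

# Constructed sample response, modelled on the OLE DB error page described above (not real data).
SAMPLE_HEADERS = {
    "Server": "Microsoft-IIS/7.5",
    "Location": "http://192.168.149.88/admin/login.aspx",
}
SAMPLE_BODY = (
    "Microsoft OLE DB Provider for SQL Server error '80004005'\n"
    "Data Source=192.168.15.65; build 24.0.1312.40; client 203.0.113.9; junk 999.1.1.1\n"
)

if __name__ == "__main__":
    for where, ip in check_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{where}: {ip}")
```

Run it against saved responses or proxy logs from your own hosts; a hit in a Location header usually points at a reverse proxy or redirect rule that writes the backend address instead of the public hostname.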
For a hacker, information is like treasure, and gathering each and every small piece of information is treasure hunting. Whether a vulnerability is rated low or critical, it still remains a vulnerability.