Internal IP Address Disclosure
Overview of the Vulnerability
Sensitive data can be exposed when it is not behind an authorization barrier. When this information is exposed, it can place the application at further risk of compromise. This application discloses an internal IP address which an attacker could interact with to send requests and execute functions on the underlying system.
Business Impact
When an application fails to mask internal IP addresses, it leaves the internal network more susceptible to future network-based attacks.
Steps to Reproduce
1. Enable an HTTP interception proxy, such as Burp Suite or OWASP ZAP
2. Use a browser to navigate to: {{URL}}
3. In the HTTP interception proxy, observe the disclosed internal IP address
Proof of Concept (PoC)
The following screenshot shows the disclosed internal IP address:
{{screenshot}}
Recommendation(s)
The application should mask all internal IP addresses to reduce the attack surface of the application.
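One way to check a response for internal addresses and mask them before it leaves the application, as an added example that is not part of this template. The ranges treated as internal (RFC 1918, loopback, link-local), the function names and the sample response are assumptions made for illustration, and only IPv4 is covered.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918 private space, loopback or link-local.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# A dotted quad that is not part of a longer dotted number (e.g. 10.1.2.3.4).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def is_internal(text):
    """True if text is a valid IPv4 address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 looks like an address but is not one
        return False
    return any(addr in net for net in INTERNAL_NETS)


def find_internal_ips(raw_response):
    """Return (location, address) pairs; location is a header name or 'body'."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        findings += [(name.strip(), ip)
                     for ip in IPV4_RE.findall(value) if is_internal(ip)]
    findings += [("body", ip) for ip in IPV4_RE.findall(body) if is_internal(ip)]
    return findings


def mask_internal_ips(text, replacement="[masked]"):
    """Replace internal addresses in text, leaving public ones untouched."""
    return IPV4_RE.sub(
        lambda m: replacement if is_internal(m.group()) else m.group(), text)


# Constructed sample response (not captured from a real system).
SAMPLE = ("HTTP/1.1 302 Found\r\n"
          "Location: http://10.20.30.40/login\r\n"
          "X-Build: 10.1.2.3.4\r\n"
          "Via: 1.1 203.0.113.7\r\n"
          "\r\n"
          "<!-- backend 192.168.1.15:8080 -->")

if __name__ == "__main__":
    for location, ip in find_internal_ips(SAMPLE):
        print(f"{location}: {ip}")
```

The same `find_internal_ips` check can run in a regression test or a reverse-proxy response filter so that a reintroduced leak is caught before release.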
It is recommended to encrypt sensitive data both when at rest and when in transit. All data that is processed, stored, and transmitted by the application should be classified by business need, regulatory and industry requirements, and appropriate privacy laws.
Additionally, it is best practice to not store sensitive data when it is no longer required, as data that is not retained cannot be accessed and used maliciously. All sensitive data should therefore be a part of a regularly reviewed maintenance cycle. This review cycle should include rotation of secrets.
For more information, refer to the Open Web Application Security Project (OWASP) guide relating to this vulnerability: https://owasp.org/www-project-proactive-controls/v3/en/c8-protect-data-everywhere