You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Regular expression used to match internal IP addresses matches any IP address, so if the redirect (by Location means) points to another IP public address, it will match.
Nuclei Version:
Nuclei Engine Version: v3.2.2
Template file:
http/misconfiguration/internal-ip-disclosure.yaml
Command to reproduce:
nuclei -u http://public_IP -t ./http/misconfiguration/internal-ip-disclosure.yaml
Anything else:
Regular expression used to match internal IP addresses matches any IP address, so if the redirect (by Location means) points to another IP public address, it will match.
Suggested regex :
^(10(.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){3}|((172.(1[6-9]|2[0-9]|3[01]))|192.168)(.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){2})$
(regex taken from https://stackoverflow.com/a/44333761)
The text was updated successfully, but these errors were encountered: