Pageviews

Facebook Internal IP Disclosure

Durning the subdomain enumeration, I've got a subdomain which is : https://esbmbltest.thefacebook.com/

Which typically wasn't hosting anything.

Crawling the application, i figured out it is running "Oracle WebLogic UDDI Explorer"















Crawling or running dirb on the application will give the /uddiexplorer/ directory.
However, it has an option to search for Private Registry,
The UDDI Directory Explorer allows authorized users to publish Web services in private WebLogic Server UDDI registries and to modify information for previously published Web services.

However i was not an authorized user, but to fetch the deatils of private registry the appliaction will send a query to the internal system/server the IP was getting disclose within HTTP headers it was (192.168.1.103:8080)















This information can help an attacker to identify other vulnerabilities or it may help during the exploitation of other identified vulnerabilities, apart from that it disclose the information about the IP addressing scheme of the internal facebook network.

















However, facebook replied :
"The leak of an internal IP address is something we may fix, but we do not consider it a security vulnerability as it doesn't compromise the integrity of Facebook user data"













No Bounty was rewarded and the issue was closed on 26 August, hence i decided to disclose the bug.

However, today 11-12-2017 received mail from Facebook awarding 500$ for this bug.













 Thank you 
Dhiraj

2 comments:

  1. mr; https://twitter.com/Capitan_Alfa/status/974474659847647233

    ReplyDelete
  2. Heya i’m for the first time here. I found this board and I to find It truly helpful & it helped me out a lot. I hope to provide something back and aid others such as you helped me.
    What is My IP | My IP Address | IP Lookup | Speed Test

    ReplyDelete