CVE-2000-0649 PoC — Microsoft Internet Information Services 信息泄露漏洞

Source

https://github.com/stevenvegar/cve-2000-0649

Associated Vulnerability

Title:Microsoft Internet Information Services 信息泄露漏洞 (CVE-2000-0649)
Description:IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

Description

Script fo testing CVE-2000-0649 for Apache and MS IIS servers

Readme

# CVE-2000-0649 for Apache
CVE-2000-0649 is a low risk vulnerability that can potentially disclose the internal IP addresses of the server from the Location parameter in the respose header. Official details are here:

* Rapid7:
https://www.rapid7.com/db/modules/auxiliary/scanner/http/iis_internal_ip/
* CVE:
https://www.cvedetails.com/cve/CVE-2000-0649/
* NIST:
https://nvd.nist.gov/vuln/detail/CVE-2000-0649

The vulnerability has been seen to be exploited on Microsoft IIS Servers, from 2.0 to 5.0 versions, but it hasn't been reported for Apache.

This script is made as PoC to extract local IP address of Apache 2.4.29 server, but it hasn't been tested on newer versions.

The following is a screenshot taken for this vulnerability.

![Poc Tested](poc-tested.png)

Reference:

Security Tracker Archives:
https://securitytracker.com/id/1002188

File Snapshot


 [4.0K]  /data/pocs/00eba119419cdccb5ed4fb0bbfcfdcb4f8f2d6c3
├── [2.7K]  cve-2000-0649.py
├── [101K]  poc-tested.png
└── [ 849]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!