Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2000-0649 PoC — Microsoft Internet Information Services 信息泄露漏洞

Source
https://github.com/rafaelh/CVE-2000-0649
Associated Vulnerability
Title:Microsoft Internet Information Services 信息泄露漏洞 (CVE-2000-0649)
Description:IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Description
Test for CVE-2000-0649, and return an IP address if vulnerable
Readme
# CVE-2000-0649
CVE-2000-0649 is a low risk vulnerability that can potentially disclose the internal IP addresses of the server. Official details are here:

* [Rapid7](https://www.rapid7.com/db/modules/auxiliary/scanner/http/iis_internal_ip/)
* [CVE](https://www.cvedetails.com/cve/CVE-2000-0649/)
* [NIST](https://nvd.nist.gov/vuln/detail/CVE-2000-0649)

This particular vulnerability became of interest to me because it seems to affect current NGINX and some Apache setups as well. This tool tests for the vulnerability on a given IP or domain, and is deliberately light on the output so that it can be used with other scripts. When it works, it should look something like this:

![Image of cve-2000-0649 being run in a terminal](poc-working.jpg)

Otherwise, there will be no output. We fixed this in NGINX by adding the following line to `/etc/nginx/nginx.conf`:

```bash
server_name_in_redirect on
```

Thanks!
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →