CVE-2000-0649 PoC — Microsoft Internet Information Services Information Disclosure Vulnerability

Source
Associated Vulnerability
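Title: Microsoft Internet Information Services Information Disclosure Vulnerability (CVE-2000-0649)
Description: Microsoft Internet Information Services (IIS) is a web server from Microsoft for the Windows Server platform. Microsoft Internet Information Services 4.0 contains an information disclosure vulnerability. A remote attacker can obtain the server's internal IP address via an HTTP 1.0 request for a web page that is protected by basic authentication and has no realm defined.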
Description
Script for testing CVE-2000-0649 on Apache and MS IIS servers
Readme
# CVE-2000-0649 for Apache
CVE-2000-0649 is a low-risk vulnerability that can disclose the server's internal IP address through the Location header of the response. Official details are here:

* Rapid7:
https://www.rapid7.com/db/modules/auxiliary/scanner/http/iis_internal_ip/
* CVE:
https://www.cvedetails.com/cve/CVE-2000-0649/
* NIST:
https://nvd.nist.gov/vuln/detail/CVE-2000-0649

The vulnerability has been seen exploited on Microsoft IIS servers, versions 2.0 through 5.0, but it has not been reported for Apache.

This script is a PoC that extracts the local IP address of an Apache 2.4.29 server; it has not been tested on newer versions.
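
A defender-side check for the leak described above, as an added example that is not part of the original README or its cve-2000-0649.py: it scans already-captured response headers for RFC 1918 addresses. The sample responses are constructed, and watching WWW-Authenticate in addition to Location is an assumption based on the CVE description (basic authentication with no realm defined).

```python
import ipaddress
import re

# Location is the header named in the README; WWW-Authenticate is an assumption
# drawn from the CVE text (basic authentication with no realm defined).
LEAK_HEADERS = ("location", "www-authenticate")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample responses, not captured from any real server.
LEAKY_REDIRECT = ("HTTP/1.1 301 Moved Permanently\r\n"
                  "Location: http://10.20.30.40/admin/\r\n\r\n")
LEAKY_AUTH = ("HTTP/1.1 401 Unauthorized\r\n"
              'WWW-Authenticate: Basic realm="192.168.1.5"\r\n\r\n')
CLEAN = ("HTTP/1.1 301 Moved Permanently\r\n"
         "Location: http://www.example.com/admin/\r\n\r\n"
         "a body that mentions 10.1.1.1 is not a header\r\n")


def parse_headers(raw_response):
    """Return lower-cased (name, value) pairs from the header block only."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # [1:] skips the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def find_internal_ip_leaks(raw_response):
    """List (header, address) for each RFC 1918 address in a watched header."""
    leaks = []
    for name, value in parse_headers(raw_response):
        candidates = IPV4_RE.findall(value) if name in LEAK_HEADERS else []
        for candidate in candidates:
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if any(addr in net for net in RFC1918):
                leaks.append((name, candidate))
    return leaks


if __name__ == "__main__":
    for sample in (LEAKY_REDIRECT, LEAKY_AUTH, CLEAN):
        print(find_internal_ip_leaks(sample))
```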

The following is a screenshot taken for this vulnerability.

![Poc Tested](poc-tested.png)

Reference:

Security Tracker Archives:
https://securitytracker.com/id/1002188

File Snapshot

[4.0K] /data/pocs/00eba119419cdccb5ed4fb0bbfcfdcb4f8f2d6c3
├── [2.7K] cve-2000-0649.py
├── [101K] poc-tested.png
└── [ 849] README.md

0 directories, 3 files