Description
A small tool to create a PoC for CVE-2000-0649.
Introduction
# PoC-CVE-2000-0649
A small tool to create a PoC for CVE-2000-0649.
## Usage
This script verifies if the server is vulnerable to CVE-2000-0649. Remember to try HTTP, HTTPS and different paths. In my experience, the disclosure mostly happens when connecting over HTTP and using the default path '/' or '/images'.
You need to supply the host/IP address and a port. By default the path is set to '/'. Optionally you can specify a path, starting with '/'.
```
$ python3 cve-2000-0649.py -host {hostname} -port {port} -path {path}
This script verifies if the server is vulnerable for CVE-2000-0649.
Keep in mind to play with HTTP, HTTPS and different paths. In my experience the disclosure is mostly happening when connecting over HTTP and using the default path '/' or '/images'
Server response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://192.168.1.1/images/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 18 Jun 2024 13:26:25 GMT
Connection: close
Content-Length: 152
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://192.168.1.1/images/">here</a></body>
The server may be vulnerable to CVE-2000-0649.
The response contains an internal IP address, indicating a potential information disclosure.
```
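The check that the sample output describes (an internal address appearing in the response), as an added example that is not the repository's `cve-2000-0649.py`: it scans a captured response offline and reports which header or body part carries a private IPv4 address, which is useful for confirming that a fix removed the leak. The function names and the sample response are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the response shown above (not a live capture).
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://192.168.1.1/images/\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "Date: Tue, 18 Jun 2024 13:26:25 GMT\r\n"
    "\r\n"
    '<body>This document may be found <a HREF="https://192.168.1.1/images/">here</a></body>'
)

# Candidate dotted quads; the ipaddress module does the real validation afterwards.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def internal_ips(text):
    """Return the private, loopback or link-local IPv4 addresses found in text."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1, which looks like an address but is not one
        internal = addr.is_private or addr.is_loopback or addr.is_link_local
        if internal and candidate not in found:
            found.append(candidate)
    return found


def find_disclosures(raw_response):
    """Map each response part (header name or 'body') to the internal IPs it leaks."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and internal_ips(value):
            findings.setdefault(name.strip().lower(), []).extend(internal_ips(value))
    if internal_ips(body):
        findings["body"] = internal_ips(body)
    return findings


if __name__ == "__main__":
    for part, ips in find_disclosures(SAMPLE_RESPONSE).items():
        print(f"{part}: {', '.join(ips)}")
```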
## Contributing
Feel free to open issues, contribute and submit your Pull Requests. You can also ping me on Twitter (@PvdH).
File snapshot
```
[4.0K] /data/pocs/9507bca3bb8d48a12751c24370c0fbc5c38eec82
├── [2.7K] cve-2000-0649.py
├── [1.0K] LICENSE
└── [1.4K] README.md
0 directories, 3 files
```