
CVE-2000-0649 PoC — Microsoft Internet Information Services Information Disclosure Vulnerability

Source
Associated Vulnerability
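Title: Microsoft Internet Information Services Information Disclosure Vulnerability (CVE-2000-0649)
Description: Microsoft Internet Information Services (IIS) is a web server from Microsoft for the Windows Server platform. Microsoft Internet Information Services 4.0 has an information disclosure vulnerability. A remote attacker can obtain the server's internal IP address via an HTTP 1.0 request for a web page that is protected by basic authentication and has no realm defined.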
Description
A small tool to create a PoC for CVE-2000-0649.
Readme
# PoC-CVE-2000-0649
A small tool to create a PoC for CVE-2000-0649.

## Usage
This script verifies whether the server is vulnerable to CVE-2000-0649. Remember to try HTTP, HTTPS and different paths. In my experience, the disclosure mostly happens when connecting over HTTP and using the default path '/' or '/images'.

You need to supply the host/IP address and a port. The path defaults to '/'; optionally, you can specify a different path, starting with '/'.
    
```
$ python3 cve-2000-0649.py -host {hostname} -port {port} -path {path}

This script verifies if the server is vulnerable for CVE-2000-0649.
Keep in mind to play with HTTP, HTTPS and different paths. In my experience the disclosure is mostly happening when connecting over HTTP and using the default path '/' or '/images'

Server response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://192.168.1.1/images/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 18 Jun 2024 13:26:25 GMT
Connection: close
Content-Length: 152

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://192.168.1.1/images/">here</a></body>

The server may be vulnerable to CVE-2000-0649.

The response contains an internal IP address, indicating a potential information disclosure.
```
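
A triage check for the kind of response shown above, as an added example (not part of the original tool or README): it parses a saved raw response, looks for private IPv4 addresses in the `Location`, `Content-Location` and `WWW-Authenticate` headers, and skips an address that merely matches the host you requested. The header list, function names and sample responses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Headers checked for an echoed server address (an assumption of this example).
CHECKED_HEADERS = ("location", "content-location", "www-authenticate")
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample responses (not captured from a real server).
SAMPLE_REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://192.168.1.1/images/\r\n"
    "Server: Microsoft-IIS/10.0\r\n\r\n"
    '<a HREF="https://192.168.1.1/images/">here</a>'
)
SAMPLE_AUTH = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="10.0.0.5"\r\n\r\n'
SAMPLE_CLEAN = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/images/\r\n\r\n"


def parse_headers(raw_response):
    """Return lower-cased (name, value) pairs from the header block only."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def find_internal_ips(raw_response, requested_host=""):
    """Return (header, ip) pairs for private IPv4 addresses in checked headers.

    An address equal to requested_host is skipped: the server is only echoing
    what the client sent, which discloses nothing.
    """
    findings = []
    for name, value in parse_headers(raw_response):
        if name not in CHECKED_HEADERS:
            continue
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if ip.is_private and candidate != requested_host:
                findings.append((name, candidate))
    return findings
```

Pass the host you connected to as `requested_host`; if you reached the server by its private address, a redirect that repeats that address is not a finding.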
## Contributing
Feel free to open issues, contribute and submit your Pull Requests. You can also ping me on Twitter (@PvdH).
File Snapshot

```
[4.0K] /data/pocs/9507bca3bb8d48a12751c24370c0fbc5c38eec82
├── [2.7K] cve-2000-0649.py
├── [1.0K] LICENSE
└── [1.4K] README.md

0 directories, 3 files
```