CVE-2000-0126

Internet Information Server 3 and 4 - Path Traversal via IDQ Scripts

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0126. PoCs published by Mnemonix.

AI-analyzed exploit summary The vulnerability in idq.dll allows directory traversal via '../' sequences in the CiTemplate parameter, enabling unauthorized file read access. The exploit bypasses '.htx' extension enforcement by appending spaces to the filename, tricking the system into retrieving arbitrary files.

Description

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mnemonix · textremotemultiple

https://www.exploit-db.com/exploits/19742

View Code ZIP pw:eip

The vulnerability in idq.dll allows directory traversal via '../' sequences in the CiTemplate parameter, enabling unauthorized file read access. The exploit bypasses '.htx' extension enforcement by appending spaces to the filename, tricking the system into retrieving arbitrary files.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Index Server 2.0 (idq.dll)

No auth needed

Prerequisites: Knowledge of target file path · File must be readable by anonymous/Everyone/Guest

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0126

Scores

EPSS 0.4566

EPSS Percentile 98.6%

Details

Status published

Products (2)

microsoft/internet_information_server 3.0

microsoft/internet_information_server 4.0

Published Jan 26, 2000

Tracked Since Feb 18, 2026