Exploitation Summary
EIP tracks 4 public exploits for CVE-2000-0649. PoCs published by Dougal Campbell, rafaelh, Downgraderz.
AI-analyzed exploit summary This is a writeup describing an information leakage vulnerability in Microsoft IIS where the internal IP address is disclosed in error messages when accessing a basic authentication-protected area with HTTP 1.0 or specific HTTP methods like PROPFIND.
Description
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Exploits (4)
This is a writeup describing an information leakage vulnerability in Microsoft IIS where the internal IP address is disclosed in error messages when accessing a basic authentication-protected area with HTTP 1.0 or specific HTTP methods like PROPFIND.
The repository contains a Python script that scans for CVE-2000-0649, an information disclosure vulnerability affecting IIS, NGINX, and Apache. The script sends an HTTP request to the target and checks the response for internal IP addresses using regex.
The repository contains a Python script that checks for CVE-2000-0649 by sending an HTTP request and analyzing the response for internal IP addresses, indicating potential information disclosure. It does not exploit the vulnerability but scans for its presence.
The repository contains a Python script that scans for CVE-2000-0649, an information disclosure vulnerability in Microsoft IIS and potentially Apache servers. The script sends an HTTP request and checks the response header for internal IP addresses disclosed in the Location field.