CVE-2001-1528

AmTote International - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1528. PoCs published by Gary O'Leary-Steele.

AI-analyzed exploit summary This exploit is a brute-force tool targeting Amtote Homebet's authentication mechanism. It reads account numbers from a file and attempts to validate them by sending HTTP POST requests to the target server, checking for the response 'ACCOUNT NUMBER IS NOT DEFINED' to determine validity.

Description

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Gary O'Leary-Steele · perlremotemultiple
https://www.exploit-db.com/exploits/21116

This exploit is a brute-force tool targeting Amtote Homebet's authentication mechanism. It reads account numbers from a file and attempts to validate them by sending HTTP POST requests to the target server, checking for the response 'ACCOUNT NUMBER IS NOT DEFINED' to determine validity.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Amtote Homebet (version unspecified)
No auth needed
Prerequisites: List of account numbers in a file named 'accounts.txt' · Network access to the target server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7185.php
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3371
Broken Link, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html

Scores

EPSS 0.0791
EPSS Percentile 94.0%

Details

CWE
CWE-203
Status published
Products (1)
amtote/homebet
Published Dec 31, 2001
Tracked Since Feb 18, 2026