Home page logo

nmap-dev logo Nmap Development mailing list archives

From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 15 Jul 2011 18:25:32 -0700

Hi nmap-dev,

description = [[
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

HTTP GET example:
* <code>/index.php\00.txt</code>

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/

-- @usage
-- nmap -p80 --script http-litespeed-sourcecode-download --script-args http-litespeed-sourcecode-download.file=/index.php <host>
-- @args http-litespeed-sourcecode-download.uri URI path to remote file

Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

Attachment: http-litespeed-sourcecode-download.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]