PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSEdoc: wrap lines, fix bulleted lists

Browse Source
This commit is contained in:
dmiller
2015-07-11 04:01:05 +00:00
parent a59056e29e
commit 339f0ffd7d
63 changed files with 408 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/http-litespeed-sourcecode-download.nse
View File

@@ -5,9 +5,13 @@ local stdnse = require "stdnse"
local string = require "string"
description = [[
Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x
before 4.0.15 to retrieve the target script's source code by sending a HTTP
request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
If the server is not vulnerable it returns an error 400. If index.php is not
found, you may try /phpinfo.php which is also shipped with LiteSpeed Web
Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>
References: