Added http-litespeed-sourcecode-download:

http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333). If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this: * <code>/index.php\00.txt</code> References: * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333 * http://www.exploit-db.com/exploits/13850/
2025-12-10 09:49:05 +00:00 · 2011-07-24 20:13:42 +00:00
parent e2fcc14fe2
commit c43e0bb970
2 changed files with 67 additions and 0 deletions
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -79,6 +79,7 @@ Entry { filename = "http-form-brute.nse", categories = { "auth", "intrusive", }
 Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
 Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-iis-webdav-vuln.nse", categories = { "intrusive", "vuln", } }
+Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } }
 Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
 Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } }
 Entry { filename = "http-methods.nse", categories = { "default", "safe", } }