http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>
References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
- Check the port.version.product in the portrule to see if it matches
the 'Exim smtpd'
- If the script was not able to confirm the vulnerability but the Exim
version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
assigned to this backdoor.
Added a final 'exit' command to terminate the remote '/bin/sh', however I don't
think that this is necessary since the backdoor was very simple: it did not
fork(), and closing the stdin of the '/bin/sh' will terminate it.
description = [[
http-google-malware checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.
To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html
* To learn more about Google's Safe Browsing:
http://code.google.com/apis/safebrowsing/
* To register and get your personal API key:
http://code.google.com/apis/safebrowsing/key_signup.html
]]
---
-- @usage
-- nmap -p80 --script http-google-malware <host>
--
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-google-malware.nse: Host is known for distributing malware.
--
-- @args http-google-malware.url URL to check. Default: <code>http/https</code>://<code>host</code>
-- @args http-google-malware.api API key for Google's Safe Browsing Lookup service
---
