mirror of
https://github.com/nmap/nmap.git
synced 2025-12-07 13:11:28 +00:00
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in LiteSpeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server.

The attack payload looks like this:
* <code>/index.php\00.txt</code>

References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2.5 KiB
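A log check for the request shape described above, as an added example that is not part of the nmap commit or the script itself: it flags requests whose path carries a null byte followed by a different extension, and uses the status code to separate rejected attempts (400, as the description states for non-vulnerable servers) from ones that need review. The combined log format, the `\x00` escape handling, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php%00.txt HTTP/1.1" 200 2560 "-" "scanner"
192.0.2.77 - - [01/Jan/2024:10:00:06 +0000] "GET /phpinfo.php%00.txt HTTP/1.1" 400 310 "-" "scanner"
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /notes.txt HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

# Captures: client, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def ext(path: bytes) -> str:
    """Lower-cased extension of the last path segment, '' if it has none."""
    name = path.rsplit(b"/", 1)[-1]
    return name.rsplit(b".", 1)[-1].decode("latin-1").lower() if b"." in name else ""


def classify(line):
    """Return a finding dict for a null-byte extension request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    # Assumption: the NUL is logged percent-encoded or as a literal \x00 escape.
    raw = unquote_to_bytes(target.split("?", 1)[0].replace("\\x00", "%00"))
    script, nul, suffix = raw.partition(b"\x00")
    if not nul or not ext(script) or ext(suffix) == ext(script):
        return None
    # Per the description, a non-vulnerable server answers 400; any other
    # status means the request was not rejected and the response needs review.
    verdict = "rejected" if status == "400" else "review"
    return {"client": client, "script": script.decode("latin-1"),
            "appended": suffix.decode("latin-1"), "status": int(status),
            "verdict": verdict}


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `review` verdict is a triage signal only: confirm against the response body or server version before treating it as source disclosure.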