LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."

{"lastseen": "2020-04-01T19:04:29", "references": [], "description": "\nLitespeed Web Server 3.2.3 - Source Code Disclosure", "edition": 1, "reporter": "Tr3mbl3r", "exploitpack": {"type": "remote", "platform": "multiple"}, "published": "2007-10-22T00:00:00", "title": "Litespeed Web Server 3.2.3 - Source Code Disclosure", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:29", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2020-04-01T19:04:29", "rev": 2}, "vulnersScore": -0.5}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2007-10-22T00:00:00", "id": "EXPLOITPACK:DCFA81FFB9787D26596BA287FBD9B19F", "href": "", "viewCount": 1, "sourceData": "

Keep in mind that this vuln is Mime Type Injection... so it works with any type.
When given a nullbyte.

The Following is WordPress.com's Wp-Config.php
http://wordpress.com/wp-config.php%00.txt

As to why litespeed does this is not confirmed by us just yet.

Patch:
Upgrade to LiteSpeed 3.2.4 has just been released today.
MimeType Injection.

ID EXPLOITPACK:DCFA81FFB9787D26596BA287FBD9B19F Type exploitpack Reporter Tr3mbl3r Modified 2007-10-22T00:00:00.

Risk: Extremely High

Example:
Basically if you had a URL like so http://www.site.com/index.php.

Product:
LiteSpeed/Discovered in <==3.2.3 Should work in all other versions below.

LiteSpeed Remote Mime Type Injection
Discovered by:Tr3mbl3r
Shouts to his kitty kats and tacos.

Description: The installed version of the LiteSpeed web server software on the remote host returns the source of scripts hosted on it when a NULL byte and '.txt' is appended to the request URL.

Vuln:
Remote Mime Type Injection

Description:
Litespeed will parse an URL/Files mimetype incorrectly.

An Example of This Vuln being put in to use.