CVE-2007-5654
LiteSpeed Web Server < 3.2.3 - Mime Type Injection via Null Byte Extension Bypass
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5654. PoCs published by Tr3mbl3r.
AI-analyzed exploit summary: This is a technical writeup detailing a remote Mime Type Injection vulnerability in LiteSpeed web server versions <= 3.2.3. The vulnerability allows an attacker to manipulate the perceived MIME type of a file by injecting a null byte followed by an extension, potentially leading to information disclosure or other attacks.
Description
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
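An added example (not part of the original advisory or the published PoC): a Python access-log check for the request pattern described above. It flags request paths that contain an encoded NUL byte and compares the extension before the NUL with the extension after it. The log lines, function names and field names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed access-log lines for illustration; not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Nov/2007:10:00:07 +0000] "GET /index.php%00.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Nov/2007:10:00:09 +0000] "GET /inc/config.php%00.html?x=1 HTTP/1.1" 200 640',
    '192.0.2.51 - - [01/Nov/2007:10:01:13 +0000] "GET /docs/readme.txt HTTP/1.1" 200 2048',
    '192.0.2.60 - - [01/Nov/2007:10:02:00 +0000] "GET /img/a.png%00 HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def _ext(name: bytes) -> str:
    """Lower-cased extension of the last path segment, or '' if there is none."""
    base = name.rsplit(b"/", 1)[-1]
    dot = base.rfind(b".")
    return base[dot:].decode("latin-1").lower() if dot != -1 else ""


def analyse_target(target: str):
    """Return a finding for a request path containing an encoded NUL, else None."""
    path = unquote_to_bytes(urlsplit(target).path)
    head, nul, tail = path.partition(b"\x00")
    if not nul:
        return None
    file_ext, mime_ext = _ext(head), _ext(tail)
    return {
        "file_ext": file_ext,  # extension of the file named before the NUL
        "mime_ext": mime_ext,  # extension appended after the NUL
        "mismatch": bool(file_ext and mime_ext and file_ext != mime_ext),
    }


def scan(lines):
    """Collect findings, keeping the raw target and response status for triage."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        finding = analyse_target(m["target"]) if m else None
        if finding:
            finding.update(target=m["target"], status=int(m["status"]))
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A finding with `mismatch` set and a 200 status is the case to review first, since it matches the `.php%00.txt` pattern in the description and the server returned content.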