You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Openlitespeed Web Server 1.7.8 - Privilege Escalation (CVE-2021-26758)
OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
The "path" parameter has command injection vulnerability that leads to escalate privilege.
OpenLiteSpeed (1.7.8) web server runs with user(nobody):group(nogroup) privilege. However, extUser and
extGroup parameters could be used to join a group (GID) such as shadow, sudo, etc.
# Description
I found a way to escalate privileges on Ubuntu 18.04 via OpenLiteSpeed web server that runs with *user(nobody):group(nogroup)* privilege . According to this vulnerability , system user that has admin panel credentials can add himself to sudo group or shadow group( to read /etc/shadow file) . So that the user can execute command with high privileges.
