CVE-2020-8816 PoC — Pi-hole OS Command Injection Vulnerability

Associated Vulnerability
Title: Pi-hole OS Command Injection Vulnerability (CVE-2020-8816)
Description: Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Readme
# CVE-2020-8816
A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole.

This script uses the techniques found by [François Renaud-Philippon](https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/) to achieve remote code execution on a [Pi-hole](https://pi-hole.net/) running a web interface version earlier than 4.3.3. The exploit requires the `PATH` of the `www-data` user to be `/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`.

```
> python3 .\CVE-2020-8816.py -h
usage: CVE-2020-8816.py [-h] url password ip port

Receive a reverse shell on a Pi-hole with access to the admin web console

positional arguments:
  url         The URL of the Pi-hole console
  password    The admin password for the Pi-hole console
  ip          The IP address for the reverse shell to connect to
  port        The port for the reverse shell to connect to

optional arguments:
  -h, --help  show this help message and exit
```

![The script in action](example.gif "The script in action")
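
For defenders, the vulnerability class described above (OS command injection through a crafted DHCP static lease) is closed by validating every lease field against an anchored allow-list before it reaches any command. The following is an added example, not code from this repository, from Pi-hole, or from its patch; the three field names (`mac`, `ip`, `hostname`) and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Anchored allow-list patterns: fullmatch() rejects anything before or after
# the expected token, so shell metacharacters cannot ride along with a valid value.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def unanchored_mac(value: str) -> bool:
    # Constructed weak contrast (not taken from Pi-hole): search() only needs a
    # MAC-shaped substring, so extra trailing characters are accepted.
    return MAC_RE.search(value) is not None


def valid_mac(value: str) -> bool:
    return MAC_RE.fullmatch(value) is not None


def valid_ip(value: str) -> bool:
    # ipaddress parses strictly and raises on trailing or embedded junk.
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def valid_hostname(value: str) -> bool:
    if not value or len(value) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in value.split("."))


def validate_lease(mac: str, ip: str, hostname: str) -> list[str]:
    """Return the names of the fields that fail validation (empty list = accept)."""
    checks = (("mac", valid_mac(mac)), ("ip", valid_ip(ip)),
              ("hostname", valid_hostname(hostname)))
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    # Constructed sample submissions, not captured traffic.
    samples = [
        ("aa:bb:cc:dd:ee:ff", "192.168.1.50", "printer"),
        ("aa:bb:cc:dd:ee:ff;x", "192.168.1.50", "printer"),
        ("aa:bb:cc:dd:ee:ff", "192.168.1.50", "host name"),
    ]
    for lease in samples:
        print(lease, "->", validate_lease(*lease) or "accepted")
```

Rejecting the whole lease when any field fails, rather than trying to strip or escape characters, keeps the check independent of how the value is later used.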