CVE-2024-28247 PoC — Pihole Authenticated Arbitrary File Read with root privileges

Associated Vulnerability
Title: Pihole Authenticated Arbitrary File Read with root privileges (CVE-2024-28247)
Description: Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user. If a URL in the list of "Adslists" begins with "file*", the update is understood to come from a local file; if it does not begin with "file*", the update does one thing or another depending on the state of the response. The problem resides in the update through local files. When updating from a file that contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server that contains non-domain lines, it will print them on the screen. This vulnerability is fixed in 5.18.
Description
This repository provides an exploit for CVE-2024-28247, highlighting a vulnerability that permits a remote attacker to read arbitrary files on the system.
Readme
# CVE-2024-28247 Pi-hole Arbitrary File Read

## Description
This repository contains an exploit for CVE-2024-28247, a high-severity vulnerability (CVSS 7.6) discovered in Pi-hole, a DNS sinkhole widely used to block advertisements and tracking domains at the network level.

The vulnerability arises from the mishandling of file paths when accessed via the "file://" handler, allowing a remote attacker to read arbitrary files on the system. 

Exploiting this vulnerability enables the attacker to control the path of the files to read, thereby permitting the reading of arbitrary files on the system with root privileges. 

Such a security flaw not only breaches the system's data confidentiality but also undermines its integrity by allowing unauthorized access to sensitive information.

Affected Versions:
- Up to Pi-hole version 5.17.3, with the issue resolved in version 5.18.
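
For defenders, one way to check an installation for exposure, as an added example that is not part of the original repository: it tests a version string against the affected range above and flags adlist entries that begin with `file`. The `adlist` table layout (`id`, `address`, `enabled`), the function names and the sample rows are assumptions constructed for illustration; on a real host the connection would point at Pi-hole's gravity database.

```python
import re
import sqlite3

FIXED = (5, 18)  # from the page: affected up to 5.17.3, resolved in 5.18

def is_affected(version):
    """True if a core version string such as 'v5.17.3' predates 5.18."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    if not nums:
        raise ValueError(f"unparseable version: {version!r}")
    return (nums + (0,))[:2] < FIXED  # compare major.minor only

def local_file_adlists(conn):
    """Return (id, address, enabled) for adlists that start with "file".

    The match is case-insensitive, so it is slightly broader than the
    prefix test the advisory describes; hits are candidates for review.
    Assumption: table `adlist` with columns id, address, enabled.
    """
    rows = conn.execute("SELECT id, address, enabled FROM adlist ORDER BY id")
    return [(i, a, bool(e)) for i, a, e in rows
            if a.strip().lower().startswith("file")]

def audit(conn, version):
    """Summarise exposure: affected version plus any local-file adlists."""
    hits = local_file_adlists(conn)
    return {"affected_version": is_affected(version),
            "local_file_adlists": hits,
            "needs_review": bool(hits)}

def sample_db():
    """Constructed in-memory stand-in for the gravity database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE adlist ("
                 "id INTEGER PRIMARY KEY, address TEXT, enabled INTEGER)")
    conn.executemany("INSERT INTO adlist (address, enabled) VALUES (?, ?)", [
        ("https://blocklist.example/hosts.txt", 1),
        ("file:///constructed/path/not-a-blocklist.conf", 1),
        ("FILE:///constructed/path/other.txt", 0),
    ])
    return conn

if __name__ == "__main__":
    print(audit(sample_db(), "v5.17.3"))
```

A hit on an unpatched version is the combination to prioritise: upgrade to 5.18 and confirm who added the entry.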

## Installation
Ensure Python is installed on your system to utilize this exploit. Clone the repository and set up the necessary environment as follows:

```bash
git clone https://github.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read.git
cd CVE-2024-28247-Pi-hole-Arbitrary-File-Read
pip install -r requirements.txt
```

## Usage
Execute the exploit using the command below:

```bash
python3 exploit.py [Pi-Hole URL] [Admin password]
```

## Proof of Concept

![POC](https://raw.githubusercontent.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read/main/poc.png)

## Disclaimer
This exploit is for educational and ethical security testing purposes only. The use of this exploit against targets without prior mutual consent is illegal, and the developer disclaims any liability for misuse or damage caused by this exploit.

## Credits
Exploit developed by Julio Ángel Ferrari (Aka. T0X1Cx)
File Snapshot

```
[4.0K] /data/pocs/881c00d8e26136b01125573d90ad9973f7561736
├── [3.4K] exploit.py
├── [ 11K] poc.png
├── [1.7K] README.md
└── [  31] requirements.txt

0 directories, 4 files
```