Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Pi-Hole 2.8.1 Cross Site Scripting

🗓️ 16 Aug 2016 00:00:00Reported by loneferretType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

Pi-Hole Web Interface Stored XSS in White/Black list file, Pi-Hole v2.8.

Code
`# Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file  
# Author: loneferret from Kioptrix  
# Product: Pi-Hole  
# Version: Web Interface 1.3  
# Web Interface software: https://github.com/pi-hole/AdminLTE  
# Version: Pi-Hole v2.8.1  
# Discovery date: July 20th 2016  
# Vendor Site: https://pi-hole.net  
# Software Download: https://github.com/pi-hole/pi-hole  
# Tested on: Ubuntu 14.04  
# Solution: Update to next version.  
  
# Software description:  
# The Pi-hole is an advertising-aware DNS/Web server. If an ad domain is queried,  
# a small Web page or GIF is delivered in place of the advertisement.  
# You can also replace ads with any image you want since it is just a simple  
# Webpage taking place of the ads.  
  
# Note: Not much of a vulnerability, implies you already have access  
# to the box to begin with. Still best to use good coding practices,  
# and avoid such things.  
  
# Vulnerability PoC: Stored XSS  
# Insert this:  
# <script>alert('This happens...');</script>  
# In either /etc/pihole/blacklist.txt || /etc/pihole/whitelist.txt  
#  
# Then navigate to:  
# http://pi-hole-server/admin/list.php?l=white  
# or  
# http://pi-hole-server/admin/list.php?l=black  
#  
# And a pop-up will appear.  
  
# Disclosure timeline:  
# July 20th 2016: Sent initial email to author.  
# July 21st 2016: Response, bug has been forwarded to web dev people  
# July 22nd 2016: Asked to be kept up to date on fix  
# July 27th 2016: Author replied saying he shall  
# July 28th 2016: - Today I had chocolat milk -  
# August 3rd 2016: Reply saying there's a fix, waiting on "Mark" to confirm  
# August 3rd 2106: Supplies URL to fix from Github https://github.com/pi-hole/AdminLTE/pull/120  
# August 4th 2016: Thanked him for fix, informed him of a lame LFI in the web interface as well.  
# August 4th 2016: - While drinking my coffee, I realize my comments are longer than the actual PoC. -  
# August 10th 2016: Still nothing  
# August 12th 2016: Submitting this is taking too much time to integrate their fix  
  
--   
Notice: This email does not mean I'm consenting to receiving promotional   
emails/spam/etc. Remember Canada has laws.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Aug 2016 00:00Current
7.4High risk
Vulners AI Score7.4
xsspi-holeweb interfacestoredcross site scriptingubuntuvulnerabilitydisclosure timelineupdategithubadminltedns/web server
35