11 matches found
Pi-Hole Adminlte Security Vulnerability
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had security vulnerabilities. These vulnerabilities stemmed from a reflection-based DOM cross-site scripting vulnerability in the taillog.js library, which could allow unauthenticated...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability occurred due to the direct insertion of configuration values into HTML attributes without escaping, which could lead to HTML...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of client hostname and IP address values in tooltips for web pages and dashboard charts,...
Pi-Hole Adminlte Injection Vulnerability
Pi-Hole Adminlte is a control panel. It is used for statistics... An injection vulnerability exists in Pi-Hole Adminlte versions prior to 6.3 that stems from failure to properly sanitize input when redirecting requests for files with the .lp extension, which could lead to a CRLF injection...
Pi-Hole Adminlte Path Traversal Vulnerability
Pi-Hole Adminlte is a control panel. It is used for statistics... A path traversal vulnerability exists in Pi-Hole Adminlte version 3.1.0, which stems from the presence of directory traversal and can be exploited by a remote attacker to escalate privileges and view sensitive informatio...
CVE-2022-31029 Authenticated XSS in Pi-hole AdminLTE
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like alert"XSS" in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole Adminlte suffers from a cross-site scripting vulnerability that stems from improper neutralization of input during web page generation ("cross-site scripting")...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole Adminlte suffers from a cross-site scripting vulnerability that stems from improper neutralization of input during web page generation ("cross-site scripting")...
Pi-Hole Adminlte Security Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole Adminlte has a security vulnerability that originates from an improperly designed or implemented code development process for a networked system or product...
Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
Description: Reflected XSS on any POST parameters with a correct token on /admin/settings.php. When field is not in the defined list, $debug value is set to true, and the $POST is dumped without filtering. Proof of Concept: 1. Login as admin 2. Settings - Flush log 3. Replace field with XSS...
Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
Description: Reflected XSS in POST /admin/scripts/pi-hole/php/customcname.php. Proof of Concept: 1. Login as admin, Go to Local DNS - CNAME Records - Add a new CNAME record 2. Input alert1 in domain field and anything in target domain. 3. The Payload in post body domain is URL encoded, use a...