CVE-2020-8816

A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole

CVE-2020-8816 A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole This script uses the techniques found by François Renaud-Philippon to achieve remote code execution on a Pi-hole running a web interface version less than 433 The exploit requires the path for the www-data user to be /opt/pihole:/usr/local/sbin:/usr/local/bin:

Pi-hole ( <= 4.3.2) authenticated remote code execution.

CVE 2020-8816 : Pi-hole (versions &lt;= 432 ) is affected by a Remote Code Execution vulnerability An authenticated user of the Web portal can execute arbitrary command with the underlying server with the privileges of the local user executing the service EXAMPLE : go run CVE-2020-8816go -host $LHOST -p $LPORT -pass admin -u 4c9a7a45fa37ngrokio/admin/ or do

Pi-hole Remote Code Execution authenticated Version >= 4.3.2

CVE-2020-8816 Pi-hole Remote Code Execution authenticated Version &gt;= 432 Usage python3 CVE-2020-8816py -u 10101010 -i 101014172 -p 1337 -pass admin Example More info natedotredwordpresscom/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/

Pizza Shop About This VM was created by team Eternal Pizza representing Seneca College/Ontario for the CyberSci 2020 Nationals online CTF Challenge Roadmap This VM has 6 challenges totaling 100 points The challenges are split up by their difficulty, as well as the the order of their completion Challenge Difficulty Score Value Find out where the admin of the forum l

A PoC for CVE-2020-8816 that does not use $PATH but $PWD and globbing

Notes to defend against this exploit Patching Just do it now Subscribe to/watch the Pi-hole repository for new releases (and Issues and Pull requests if you're serious) Network Do not expose Pi-hole to the internet Only expose Pi-hole DNS port 53 to DNS clients, not other ports like management interface Management Use unique and complex (meaning many charact