module
Pi-Hole Top Domains API Authenticated Exec
| Disclosed |
|---|
| Aug 4, 2021 |
Description
This exploits a command execution in Pi-Hole Web Interface
The Settings > API/Web interface page contains the field
Top Domains/Top Advertisers, which is validated by a regex that does not properly
filter system commands; these commands can then be executed by calling the gravity
functionality. However, the regex only allows a-z, 0-9, _.