CVE-2020-11108 PoC — Pi-hole Gravity updater 代码问题漏洞

Source

https://github.com/Frichetten/CVE-2020-11108-PoC

Associated Vulnerability

Title:Pi-hole Gravity updater 代码问题漏洞 (CVE-2020-11108)
Description:Pi-hole是Pi-hole公司的一款网络级广告拦截应用程序。Gravity updater是使用在其中的一个自动更新插件。 Pi-hole 4.4及之前版本中的Gravity updater的gravity_DownloadBlocklistFromUrl存在安全漏洞。攻击者可利用该漏洞向Web目录中写入PHP文件，执行代码。

Description

PoCs for CVE-2020-11108; an RCE and priv esc in Pi-hole

Readme

# CVE-2020-11108-PoC

Two PoCs are in this repo. cve-2020-11108-rce.py will give you a shell as the www-data user. root-cve-2020-11108-rce.py will give you a shell and escalate privileges to root. Note: This is destructive as we must overwrite teleporter.php. 

For a full explanation/writeup please see <a href="http://frichetten.com/blog/cve-2020-11108-pihole-rce/#pk_campaign=github">this</a> blog post.

File Snapshot


 [4.0K]  /data/pocs/06c102327697b540e74b809ef79c225d8c699535
├── [3.4K]  cve-2020-11108-rce.py
├── [ 407]  README.md
└── [4.4K]  root-cve-2020-11108-rce.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!