CVE-2020-11108

This exploit targets CVE-2020-11108, a vulnerability in Pi-hole <=4.4.0 + Web <=4.3.3, allowing authenticated remote code execution via command injection in the blocklist settings. It creates a backdoor PHP file and triggers execution via a crafted request.

This Metasploit module exploits CVE-2020-11108 in Pi-Hole <= 4.4 by adding a malicious blocklist, forcing a gravity update to write a PHP backdoor, and escalating privileges via teleporter.php. It achieves remote code execution with root privileges.

This exploit targets Pi-hole <= 4.4 by leveraging an authenticated RCE vulnerability. It uses a multi-stage payload to upload and execute a reverse shell via PHP code injection in the blocklist settings.

This exploit targets Pi-hole <= 4.4 by leveraging an authenticated RCE vulnerability (CVE-2020-11108) via a malicious blocklist URL to upload and execute a PHP payload, resulting in a reverse shell.

This repository contains two Python scripts demonstrating remote code execution (RCE) in Pi-hole <= 4.4 via CVE-2020-11108. The first script achieves a reverse shell as www-data, while the second escalates privileges to root by overwriting teleporter.php.

This Metasploit module exploits CVE-2020-11108 in Pi-Hole <= 4.4 by adding a malicious blocklist, forcing a gravity update to write PHP payloads to the webroot, and achieving root privilege escalation via teleporter.php.