The Harmless Pi-Hole Bug


In my journey as a bug bounty hunter, one of the things that I do all the time is pentesting web applications without access to the source code. This is known as black-box testing. So when I recently purchased a Raspberry Pi and installed Pi-hole for use in my home network, I started thinking about testing, for a change, a piece of open source software I'm using for security flaws.

With this collapsed view of the if / elseif statements, I turned my attention to the three HTTP GET parameters which, when accessed with the api.php endpoint, would execute code without checking the $auth variable. So I went ahead and added a check of the $auth variable to the code, created a pull request, and my changes were accepted and merged into the developmental branch of version 5.21.
