漏洞描述
Detected an exposed FreshRSS instance with the Google Reader API enabled, which could have allowed unauthorized access to RSS feeds and user-related data via accessible API endpoints.
freshrss-api: FreshRSS Google Reader API Exposure
PoC代码[已公开]
id: freshrss-api
info:
name: FreshRSS Google Reader API Exposure
author: DhiyaneshDk
severity: low
description: |
Detected an exposed FreshRSS instance with the Google Reader API enabled, which could have allowed unauthorized access to RSS feeds and user-related data via accessible API endpoints.
reference:
- https://freshrss.github.io/FreshRSS/en/developers/06_GoogleReader_API.html
metadata:
max-request: 1
verified: true
shodan-query: http.html:"FreshRSS"
tags: exposure,freshrss,google,api
http:
- method: GET
path:
- "{{BaseURL}}/api/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "FreshRSS API endpoints"
- "Google Reader compatible API"
condition: or
- type: status
status:
- 200
# digest: 490a0046304402200a0f173a21d04117b98655c3499b32e8bac15772946f5d660db92814f881003402204b71953c755883f3dfd44cae94e80ac3aa3ec1ae8984f54edbbe2889c22bc954:922c64590222798bb761d5b6d8e72950