freshrss-fever-api: FreshRSS Fever API - Exposure

Date: 2026-02-03 | Affected software: Unknown | PoC: Public

Vulnerability description

Detected an exposed FreshRSS instance with the Fever API enabled, which could allow unauthorized access to RSS feed data and user-related information via accessible Fever-compatible API endpoints.

PoC code [public]

id: freshrss-fever-api

info:
  name: FreshRSS Fever API - Exposure
  author: ritikchaddha
  severity: low
  description: |
    Detected an exposed FreshRSS instance with the Fever API enabled, which could allow unauthorized access to RSS feed data and user-related information via accessible Fever-compatible API endpoints.
  reference:
    - https://freshrss.github.io/FreshRSS/en/developers/06_Fever_API.html
  metadata:
    max-request: 1
    verified: true
    shodan-query: http.html:"FreshRSS"
  tags: exposure,freshrss,fever,api

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "FreshRSS API endpoints"
          - "Fever compatible API"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210093505b4c03b3a771a23560b96ca05313898dd9fbe65db152f7fd4eaf76ff369b022100eb84ff21723006a57a3b38b7c8b01661ed7299fc74bc3133c2cd35d178b72d9d:922c64590222798bb761d5b6d8e72950