漏洞描述
FreshRSS Installation panel has been exposed.
freshrss-installer: FreshRSS - Installation
PoC代码[已公开]
id: freshrss-installer
info:
name: FreshRSS - Installation
author: ritikchaddha
severity: high
description: |
FreshRSS Installation panel has been exposed.
classification:
cpe: cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: freshrss
product: freshrss
fofa-query: title="Installation · FreshRSS"
tags: freshrss,misconfig,install,vuln
http:
- method: GET
path:
- "{{BaseURL}}/i/?rid"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Installation · FreshRSS'
- type: status
status:
- 200
# digest: 4b0a00483046022100a27011704a426c837a622fdc1999ce269b7843bd2f25cee5d88870d76b664033022100dd2229a458650d7a1d47f8b5d27d944c59d26b7c04ee60c97449ec711fab73f3:922c64590222798bb761d5b6d8e72950