fusionauth-admin-setup: FusionAuth Exposed Admin Setup

日期: 2025-08-01 | 影响软件: fusionauth admin setup | POC: 已公开

漏洞描述

FusionAuth Admin Setup is exposed.

PoC代码[已公开]

id: fusionauth-admin-setup

info:
  name: FusionAuth Exposed Admin Setup
  author: ritikchaddha
  severity: high
  description: FusionAuth Admin Setup is exposed.
  classification:
    cpe: cpe:2.3:a:fusionauth:fusionauth:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fusionauth
    product: fusionauth
    shodan-query: title:"FusionAuth Setup Wizard"
    fofa-query: title="FusionAuth Setup Wizard"
  tags: misconfig,fusionauth,admin,setup,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin/setup-wizard"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>FusionAuth Setup Wizard'
          - 'FusionAuth is now installed and running'
        condition: or

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008bcc506c7b7ca393e7fdd7b29a6359b5ca3d95e2bf9017fded4169425d34d87b022100aa9bb1654a6c369776dd48e078c53a64023254c13962286fbe40463e777fe9d3:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/fusionauth-admin-setup.yaml