jackett-unauth: Jackett UI - Unauthenticated

Date: 2025-08-01 | Affected software: Jackett UI | POC: publicly available

Vulnerability description

The Jackett UI can be accessed without authentication, potentially exposing sensitive information and configuration settings to unauthorized users.

PoC code [publicly available]

id: jackett-unauth

info:
  name: Jackett UI - Unauthenticated
  author: ProjectDiscoveryAI
  severity: high
  description: |
    The Jackett UI can be accessed without authentication, potentially exposing sensitive information and configuration settings to unauthorized users.
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Jackett"
    fofa-query: title="Jackett"
  tags: unauth,misconfig,exposure,jackett-ui,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/UI/Dashboard"
      - "{{BaseURL}}/jackett/UI/Dashboard"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Jackett"
          - "API Key:"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220212a2225297570f7b926ddae5f306d84794736315eae92475b999ae3f324fa6b022100c793991c6100ef6e64da20c15bcee42cbbd1b07398ad81b0656b395995131a13:922c64590222798bb761d5b6d8e72950