wekan-signup-page: Wekan Sign Up Page - Exposure

日期: 2026-01-24 | 影响软件: wekan | POC: 已公开

漏洞描述

Detected exposed Wekan sign-up functionality, indicating that unauthenticated users could access the registration page and potentially create new accounts.

PoC代码[已公开]

id: wekan-signup-page

info:
  name: Wekan Sign Up Page - Exposure
  author: DhiyaneshDK
  severity: medium
  description: |
    Detected exposed Wekan sign-up functionality, indicating that unauthenticated users could access the registration page and potentially create new accounts.
  reference:
    - https://wekan.fi/
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"Wekan"
  tags: wekan,sign-up,register,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/sign-up"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "__meteor_runtime_config__"
          - "Wekan"
        condition: and

      - type: regex
        part: body
        regex:
          - "<link rel=\"stylesheet\".*meteor_css_resource=true"
# digest: 4b0a00483046022100ac96185cda3eb31ae3bc0910978e2339510538bbe96e0736ce91c373a87675c3022100cd947179b17e7975ca7d0b9dbad980f4d975ef23320229c51c1055fac67110d8:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/wekan-signup-page.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐