From c8072760f4b387fc23d4d25f43026bdf9c6a44f7 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 18 Jul 2024 18:04:32 +0530
Subject: [PATCH 1/2] Create freshrss-installer.yaml
---
 .../installer/freshrss-installer.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 http/misconfiguration/installer/freshrss-installer.yaml
diff --git a/http/misconfiguration/installer/freshrss-installer.yaml b/http/misconfiguration/installer/freshrss-installer.yaml
new file mode 100644
index 0000000000..33857e7dae
--- /dev/null
+++ b/http/misconfiguration/installer/freshrss-installer.yaml
@@ -0,0 +1,32 @@
+id: freshrss-installer
+
+info:
+ name: FreshRSS - Installation
+ author: ritikchaddha
+ severity: high
+ description: |
+ FreshRSS Installation panel has been exposed.
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: title="Installation · FreshRSS"
+ tags: freshrss,misconfig,install
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/i/?rid=66990a7fde984"
+
+ host-redirects: true
+ max-redirects: 2
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Installation · FreshRSS'
+
+ - type: status
+ status:
+ - 200
From 1f1daa2dd57eacfde07a59ead697e5cf2f158dca Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 18 Jul 2024 19:21:08 +0530
Subject: [PATCH 2/2] minor update
---
 http/misconfiguration/installer/freshrss-installer.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/misconfiguration/installer/freshrss-installer.yaml b/http/misconfiguration/installer/freshrss-installer.yaml
index 33857e7dae..3c859f581b 100644
--- a/http/misconfiguration/installer/freshrss-installer.yaml
+++ b/http/misconfiguration/installer/freshrss-installer.yaml
@@ -15,7 +15,7 @@ info:
 http:
 - method: GET
 path:
- - "{{BaseURL}}/i/?rid=66990a7fde984"
+ - "{{BaseURL}}/i/?rid"
 
 host-redirects: true
 max-redirects: 2
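Review bot: The word matcher under `matchers` accepts `Installation · FreshRSS` anywhere in a 200 body, so any page that merely quotes that phrase would be reported at `severity: high`. The template's own `fofa-query` keys on the page title, so the matcher could be tied to the title element as well, for example `- '<title>Installation · FreshRSS'`; I have not seen the installer's markup, so the exact tag form needs checking against a fresh install. The `description` would also serve triage better if it stated the impact, e.g. `An exposed FreshRSS installer lets an unauthenticated visitor complete setup and choose the database and administrator account.`, and the `info` block carries no `reference` or remediation entry.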
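Review bot: The bare `?rid` kept in the path has no value, and nothing in the template says what it is for; if the installer is reachable at `/i/` with the two same-host redirects already allowed, `- "{{BaseURL}}/i/"` would be the plainer probe. If the parameter is needed to land on the install page, a one-line comment above the path saying so (for example `# rid is appended by FreshRSS on redirect; the value is per-instance`) would keep it from being trimmed later; that reading of `rid` is my inference from the removed value and should be confirmed. The `http` request block runs past the end of this hunk, so the matchers are not visible here.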