From c8072760f4b387fc23d4d25f43026bdf9c6a44f7 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 18 Jul 2024 18:04:32 +0530
Subject: [PATCH] Create freshrss-installer.yaml

---
 .../installer/freshrss-installer.yaml         | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 http/misconfiguration/installer/freshrss-installer.yaml

diff --git a/http/misconfiguration/installer/freshrss-installer.yaml b/http/misconfiguration/installer/freshrss-installer.yaml
new file mode 100644
index 0000000000..33857e7dae
--- /dev/null
+++ b/http/misconfiguration/installer/freshrss-installer.yaml
@@ -0,0 +1,32 @@
+id: freshrss-installer
+
+info:
+  name: FreshRSS - Installation
+  author: ritikchaddha
+  severity: high
+  description: |
+    FreshRSS Installation panel has been exposed.
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: title="Installation · FreshRSS"
+  tags: freshrss,misconfig,install
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/i/?rid=66990a7fde984"
+
+    host-redirects: true
+    max-redirects: 2
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Installation · FreshRSS'
+
+      - type: status
+        status:
+          - 200