Security Research Report
Meemup
Severity
Critical
Findings
5+
Origin IPs leaked
3
Open ports
15+
Responsible Disclosure
Everything here was found through passive recon and responsible testing. Nothing was exploited for personal gain. Sensitive details like IPs and internal URLs are blurred on purpose. Full breakdown available on private request.
Findings
Cloudflare Origin Bypass
Multiple subdomains leak true origin IPs, fully bypassing Cloudflare protection.
Massive Open Port Exposure
Origin server has an enormous exposed footprint. Ports found open:
Exposed Internal Documentation
Internal test pages and printer setup guides are world-readable with zero authentication.
Host Header Injection
The origin server blindly trusts the Host header for redirects. Affected endpoints: /login, /home, /forgot-password, /reset-password. Risk: password-reset link poisoning, cache poisoning, phishing users to a fake login page.
jQuery Selector Injection
Uses jQuery 1.12.4 โ scrolling-nav.js passes an unsanitised URL hash directly into $(). Exploitable if a victim clicks a crafted anchor link.
Recommended Fixes
Firewall your origin IPs to Cloudflare ranges only โ block everything else at the server level
Move docs, demo-four, and relay subdomains behind Cloudflare
Disable GraphQL introspection and field suggestion in Wiki.js
Delete or lock down internal test and printer docs pages โ they're public right now
Rate-limit your login endpoint and IP-restrict your admin panel
Fix your HSTS config โ max-age should be at least 1 year
Harden SSH, mail, and database services on your origin servers