nuclei-templates/exposures/logs/fastcgi-echo.yaml

id: fastcgi-echo

info:
  name: FastCGI Echo Endpoint Script - Detect
  author: powerexploit
  severity: info
  description: |
    FastCGI echo endpoint script was detected, which lists several kinds of sensitive information such as port numbers, server software versions, port numbers, and IP addresses.
  remediation: Remove or disable FastCGI module delivered with the Apache httpd server which is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2).
  reference:
    - https://www.exploit-db.com/ghdb/183
    - https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports
  metadata:
    verified: true
    google-query: inurl:fcgi-bin/echo
  tags: exposure,logs,oracle,fastcgi,edb

requests:
  - method: GET
    path:
      - "{{BaseURL}}/fcgi-bin/echo"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>FastCGI echo</title>"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

# Enhanced by md on 2023/03/07
Update and rename fastcgi-echo-detect.yaml to fastcgi-echo.yaml 2022-08-14 04:49:33 +00:00			`id: fastcgi-echo`
Added exposures/logs/fastcgi-echo-detect.yaml 2022-08-13 15:46:29 +00:00
			`info:`
Enhancement: exposures/logs/fastcgi-echo.yaml by md 2023-03-07 22:52:23 +00:00			`name: FastCGI Echo Endpoint Script - Detect`
Added exposures/logs/fastcgi-echo-detect.yaml 2022-08-13 15:46:29 +00:00			`author: powerexploit`
			`severity: info`
Update fastcgi-echo-detect.yaml 2022-08-13 16:30:35 +00:00			`description: \|`
Enhancement: exposures/logs/fastcgi-echo.yaml by md 2023-03-07 22:52:23 +00:00			`FastCGI echo endpoint script was detected, which lists several kinds of sensitive information such as port numbers, server software versions, port numbers, and IP addresses.`
Enhancement: exposures/logs/fastcgi-echo.yaml by md 2023-03-07 22:44:41 +00:00			`remediation: Remove or disable FastCGI module delivered with the Apache httpd server which is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2).`
Update fastcgi-echo-detect.yaml 2022-08-13 16:31:01 +00:00			`reference:`
Added exposures/logs/fastcgi-echo-detect.yaml 2022-08-13 15:46:29 +00:00			`- https://www.exploit-db.com/ghdb/183`
			`- https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports`
Update fastcgi-echo-detect.yaml 2022-08-13 16:30:35 +00:00			`metadata:`
			`verified: true`
Replace google-dork with google-query in all templates (#5328) * dos2unix to standardize line endings * Replace google-dork with google-query 2022-09-08 22:39:14 +00:00			`google-query: inurl:fcgi-bin/echo`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: exposure,logs,oracle,fastcgi,edb`
Added exposures/logs/fastcgi-echo-detect.yaml 2022-08-13 15:46:29 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/fcgi-bin/echo"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "<title>FastCGI echo</title>"`

Update fastcgi-echo-detect.yaml 2022-08-13 16:37:24 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

Added exposures/logs/fastcgi-echo-detect.yaml 2022-08-13 15:46:29 +00:00			`- type: status`
			`status:`
			`- 200`
Enhancement: exposures/logs/fastcgi-echo.yaml by md 2023-03-07 22:44:41 +00:00
			`# Enhanced by md on 2023/03/07`