Merge pull request #5099 from powerexploit/template_fastcgi_echo
Added fastcgi-echo-detection templatepatch-1
commit
d1929b89df
|
@ -0,0 +1,36 @@
|
||||||
|
id: fastcgi-echo
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Fastcgi Echo Endpoint Exposure
|
||||||
|
author: powerexploit
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2) should be always removed or disabled in all Oracle Application Servers implementations as they can provide information at an attacker
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/ghdb/183
|
||||||
|
- https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
google-dork: inurl:fcgi-bin/echo
|
||||||
|
tags: exposure,logs,oracle,fastcgi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/fcgi-bin/echo"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "<title>FastCGI echo</title>"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue