id: fastcgi-echo

info:
  name: FastCGI Echo Endpoint Script - Detect
  author: powerexploit
  severity: info
  description: |
    FastCGI echo endpoint script was detected, which lists several kinds of sensitive information such as port numbers, server software versions, and IP addresses.
  remediation: Remove or disable the FastCGI module delivered with the Apache httpd server which is incorporated into the Oracle Application Server. FastCGI echo programs (echo and echo2).
  reference:
    - https://www.exploit-db.com/ghdb/183
    - https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:fcgi-bin/echo
  tags: exposure,logs,oracle,fastcgi,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/fcgi-bin/echo"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "FastCGI echo"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c1515f3e8783832b51ecb2f9f9c894bbc5850ba330d49ebcdad5e01313db1abf022100b7bdb610aef885d22f7ee4934f754bed143ca8ed501c966a8218f328e3279502:922c64590222798bb761d5b6d8e72950