id: fastcgi-echo

info:
  name: FastCGI Echo Endpoint Script - Detect
  author: powerexploit
  severity: info
  description: |
    FastCGI echo endpoint script was detected, which lists several kinds of sensitive information such as port numbers, server software versions, and IP addresses.
  remediation: Remove or disable the FastCGI module delivered with the Apache httpd server which is incorporated into the Oracle Application Server, and the FastCGI echo programs (echo and echo2).
  reference:
    - https://www.exploit-db.com/ghdb/183
    - https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports
  metadata:
    verified: true
    google-query: inurl:fcgi-bin/echo
  tags: exposure,logs,oracle,fastcgi,edb

requests:
  - method: GET
    path:
      - "{{BaseURL}}/fcgi-bin/echo"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "FastCGI echo"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

# Enhanced by md on 2023/03/07