id: fastcgi-echo info: name: Fastcgi Echo Endpoint Exposure author: powerexploit severity: info description: | FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2) should be always removed or disabled in all Oracle Application Servers implementations as they can provide information at an attacker reference: - https://www.exploit-db.com/ghdb/183 - https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports metadata: verified: true google-dork: inurl:fcgi-bin/echo tags: exposure,logs,oracle,fastcgi requests: - method: GET path: - "{{BaseURL}}/fcgi-bin/echo" matchers-condition: and matchers: - type: word part: body words: - "FastCGI echo" - type: word part: header words: - "text/html" - type: status status: - 200