306
FastCGI sample echo2.exe cross site scripting
CGI
2005/01/04
Marc Ruef
marc.ruef at computec.ch
http://www.computec.ch
computec.ch
1.0
tcp
80
open|send GET /fcgi-bin/echo2.exe?foo=atk HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *atk*
98
The NASL script is Copyright (C) 2002 Matt Moore
FastCGI
Cross Site Scripting
Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server. Various other web servers support the FastCGI extensions (Zeus, Pi3Web etc). Two sample CGI's are installed with FastCGI, (echo.exe and echo2.exe under Windows, echo and echo2 under Unix). Both of these CGI's output a list of environment variables and PATH information for various applications. They also display any parameters that were provided to them. Hence, a cross site scripting attack can be performed via a request.
Always remove sample applications from production servers.
Approx. 1 hour
Yes
Yes
Yes
High
6
8
8
7
High
Nessus can check this flaw with the plugin 10838 (FastCGI samples Cross Site Scripting).
10838
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://www.computec.ch
