Vulnerability Description
FastCGI configuration file is exposed and accessible, potentially leading to sensitive information disclosure.
id: fastcgi-config

info:
  name: FastCGI Configuration - File Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    FastCGI configuration file is exposed and accessible, potentially leading to sensitive information disclosure.
  metadata:
    verified: true
    max-request: 2
  tags: fastcgi,config,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/fastcgi.conf"
      - "{{BaseURL}}/config/fastcgi.conf"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - contains_all(body, 'fastcgi_param','fastcgi_script')
          - contains(content_type, 'application/octet-stream')
        condition: and
# digest: 490a0046304402205911334c5f58189624b442af283bf27c408043767351ec5a5feac4e614245294022076d78723d466236fce61b3a245eb66dd029186be5bd95d6862cbc23abd258c4c:922c64590222798bb761d5b6d8e72950
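
The following is an added example, not part of the original template or its project: a local audit that looks for the same two paths and body markers inside a web server's document root. The function names and the sample docroot are assumptions made for illustration. Because the template requires both matchers (`condition: and`), it only fires when the response is labelled application/octet-stream; the file-system check ignores content type.

```python
"""Local audit for the exposure this template detects (added example)."""
import os
import tempfile

# Paths and body markers taken from the template above.
TEMPLATE_PATHS = ("fastcgi.conf", "config/fastcgi.conf")
MARKERS = (b"fastcgi_param", b"fastcgi_script")


def template_matches(body: bytes, content_type: str) -> bool:
    """Mirror the template's DSL: both markers in the body AND octet-stream type."""
    return all(m in body for m in MARKERS) and "application/octet-stream" in content_type


def audit_docroot(docroot: str) -> list[str]:
    """Return template paths under docroot that hold a FastCGI config.

    Content-Type is ignored here: a file with both markers inside the
    document root is a finding however the server would label it.
    """
    findings = []
    for rel in TEMPLATE_PATHS:
        full = os.path.join(docroot, *rel.split("/"))
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            body = fh.read()
        if all(m in body for m in MARKERS):
            findings.append(rel)
    return findings


def build_sample_docroot() -> str:
    """Constructed sample: one exposed config, one file without directives."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "config"))
    with open(os.path.join(root, "config", "fastcgi.conf"), "wb") as fh:
        fh.write(b"fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;\n")
    with open(os.path.join(root, "fastcgi.conf"), "wb") as fh:
        fh.write(b"# placeholder, no directives\n")
    return root


if __name__ == "__main__":
    print(audit_docroot(build_sample_docroot()))
```

Any path returned by `audit_docroot` should be moved out of the document root or blocked by the server's access rules.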