SSI (Server Side Includes) Injection is a vulnerability in web applications. It is also in a OWASP TOP-10 A-1 Injection. The attackers and security auditors are always try to find this of vulnerabilities which allow them to perform a command execution. There are a number of vulnerabilities in the category of command execution, Sql Injection, LDAP Injection, X-PATH injection and one of them is Server Side Includes (SSI) Injection. So, This article is based on SSI Injection. What is Server Side Includes (SSI)? SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the...