Skip to main content

SSI Injection



                             SSI (Server Side Includes)

       Injection is a  vulnerability in web applications. It is also in a OWASP TOP-10   A-1 Injection. The attackers and security auditors are  always try to find this of vulnerabilities which allow them to perform a command execution. There are a number of vulnerabilities in the category of command execution, Sql Injection, LDAP Injection, X-PATH injection and one of them is Server Side Includes (SSI) Injection. So, This article is based on SSI Injection.



What is Server Side Includes (SSI)?

 SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the user.


What is Server Side Includes Injection (SSI)?

 it’s a server side exploit because an attacker sends some malicious code into a Web application which is executed by the Web server.

In any case, the attack will be successful only if the web server permits SSI execution without proper validation. This can lead to access and manipulation of file system and process under the permission of the web server process owner.


Examples:-

 <!--#echo var="DATE_LOCAL" -->  This command is for print out the current local Tiime.





   After written this command & when we clicked on LOOKUP Button.

   

    See The Server Response :) :) It means This Web Application is Vulnerable From SSI Injection. :)

Comments

Post a Comment

Popular posts from this blog

PowerShell for Ethical Hackers

                                                                                                              PowerShell For Ethical Hackers Blog Series  Hello my hacking buddies, Finally i am back with my blog series PowerShell for Ethical Hackers. we all know what is powershell and it easies our task same like linux bash scripting. in this blog series i'll show you some useful test cases which i have performed in real life penetration testing and i am going to show you how to write powershell script from basics to advance level. So, let's Start 😊😉 Part 1: Introduction to PowerShell, why PowerShell is important for Ethical Hackers and PowerShell Framework. Penetration Testing using PowerShell...
14 comments
Read more

PowerShell for Ethical Hackers Part 3 Introduction to PowerShell ISE & PowerShell ISE Add-On

PowerShell for Ethical Hackers Blog Series                       Part 3: Introduction to PowerShell ISE and PowerShell  ISE Add-On PowerShell ISE is Integrated Scripting Environment. In PowerShell ISE you can run commands, write scripts ,test and debug your scripts in Graphic User Interface Application.  Windows PowerShell ISE provides you many features which you can use in PowerShell ISE for do your task easy some of the features are mentioned below. Multiline Editing Selective Execution PowerShell ISE Modules Restart Manager and Auto Save Description of PowerShell ISE Features Multiline Editing: Multi Line editing is a nice feature in PowerShell ISE it saves a lot of time because at a same time you can edit multiple lines in a same file. Selective Execution:   Selective execution provides you capability to run the selective code which you want to test it means you can select...
Post a Comment
Read more

Session HI-Jacking

                       Session Hijacking in XSS to MYSQL File Hi, after a long Time i am coming with my new post how to Hijack The someone Session. sounds Interesting. is it possible to hijacking or steal someone cookie or someone Session. Yes! it's possible. I am going to telling you how's it Possible.   First! of All, it is also a Web-App Vulnerability. In OWASP TOP-10  A-2 Broken authentication   and Session managment. Covers the Session managment issues. (1) Session sniffing (2) Session fixation (3) Session hijacking First, for non-technical persons, they want to know what is Session or what is Cookie? A session can be defined as a server-side storage of information that is desired to persist throughout the user's interaction with the web site or web application.  A cookie is a small piece of text stored on a user's comp...
Post a Comment
Read more