SSI - Server Side Includes attack
The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields.
Refer below Video for Exploit demo:
In this video, NETCAT is used to take Reverse Shell by exploiting SSI.
Reference:
http://www.javascriptkit.com/howto/ssi.shtml
https://httpd.apache.org/docs/2.4/howto/ssi.html
https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://www.freewebmasterhelp.com/tutorials/ssi
Refer below Video for Exploit demo:
Reference:
http://www.javascriptkit.com/howto/ssi.shtml
https://httpd.apache.org/docs/2.4/howto/ssi.html
https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://www.freewebmasterhelp.com/tutorials/ssi
Comments
Post a Comment