SSI - Server Side Includes attack

The Server-Side Includes (SSI) attack allows exploitation of a web application by injecting scripts into HTML pages or by executing arbitrary code remotely. It can be carried out by manipulating SSI already in use in the application, or by forcing its use through user input fields.

Refer to the video below for an exploit demo:

In this video, Netcat is used to obtain a reverse shell by exploiting SSI.
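
A defensive check for the user-input case described above, as an added example that is not part of the original post: it flags SSI directives in submitted values, including URL-encoded ones, and escapes input before it is written into a server-parsed page. The function names, the split between exec/include and other elements, and the sample values are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# An SSI directive starts with the literal sequence "<!--#" followed by an
# element name (include, exec, echo, set, config, ...). Matching only the
# start also catches directives whose closing "-->" was cut off.
SSI_START = re.compile(r"<!--\s*#\s*([a-z]+)", re.I)

# Assumption for this example: elements that read files or run commands
# are blocked outright, any other directive is sent for review.
HIGH_RISK = {"exec", "include"}


def decode_layers(value, max_rounds=3):
    """Undo nested URL encoding (%253C -> %3C -> <) before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ssi_directives(value):
    """Return the SSI element names found in one submitted value."""
    return [m.group(1).lower() for m in SSI_START.finditer(decode_layers(value))]


def classify(value):
    """Return 'clean', 'review' or 'block' for one submitted value."""
    names = find_ssi_directives(value)
    if not names:
        return "clean"
    return "block" if HIGH_RISK.intersection(names) else "review"


def neutralize(value):
    """Escape input so "<!--#" cannot form in a page the server parses."""
    return html.escape(value, quote=True)


# Constructed sample inputs (not taken from the video or any real log).
SAMPLES = [
    "Alice <!-- ordinary comment -->",
    '<!--#echo var="DATE_LOCAL" -->',
    "%3C%21--%23exec%20cmd%3D%22PLACEHOLDER%22%20--%3E",
    "%253C%2521--%2523include%2520virtual%253D%2522/x%2522--%253E",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "|", neutralize(decode_layers(sample)))
```

Escaping on output is the actual fix; the classifier is only useful for logging and alerting, since pattern matching on input can be bypassed by encodings it does not decode.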

Reference:
http://www.javascriptkit.com/howto/ssi.shtml
https://httpd.apache.org/docs/2.4/howto/ssi.html
https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://www.freewebmasterhelp.com/tutorials/ssi
