Server-Side Includes(SSI) Injection

Server-Side Includes(SSI) Injection

Server
Share:

Overview of Server-Side Includes(SSI) Injection

Web servers usually give developers the ability to add small pieces of dynamic code inside static HTML pages, without having to deal with full-fledged server-side or client-side languages. This feature is provided by Server-Side Includes(SSI), which are directives that the web server parses before serving the page to the user.SSI can lead to a Remote Command Execution (RCE), however most webservers have the exec directive disabled by default. This is a vulnerability very similar to a classical scripting language injection vulnerability. OWASP SSI Injection

References

Request Access to Use Case Repository

Tags

Initial Access

Splunk

Chat with our team to receive a free maturity assessment

Get in Touch

You May Also Like

Ready to learn more about Anvilogic?

Kickstart your security operations

Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.