Blog

Upcoming Webinar

On-Demand Webinar

On-Demand Webinar

Blog

2021-05-04

Server-Side Includes(SSI) Injection

Server-Side Includes(SSI) Injection

Overview of Server-Side Includes(SSI) Injection

Web servers usually give developers the ability to add small pieces of dynamic code inside static HTML pages, without having to deal with full-fledged server-side or client-side languages. This feature is provided by Server-Side Includes(SSI), which are directives that the web server parses before serving the page to the user.SSI can lead to a Remote Command Execution (RCE), however most webservers have the exec directive disabled by default. This is a vulnerability very similar to a classical scripting language injection vulnerability. OWASP SSI Injection

References

https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.html

Request Access to Use Case Repository

Tags

Initial Access

Splunk

Chat with our team to receive a free maturity assessment

You May Also Like

Women Reshaping the Cybersecurity Industry

Forge Charged News: The Most Electrifying News From April 2023

Ready to learn more about Anvilogic?

Kickstart your security operations

Contact Sales Request Demo

Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.

Lucas Moody

CISO, formerly Twitter

Contact Sales Request Demo