Overview of Server-Side Includes(SSI) Injection
Web servers usually give developers the ability to add small pieces of dynamic code inside static HTML pages, without having to deal with full-fledged server-side or client-side languages. This feature is provided by Server-Side Includes(SSI), which are directives that the web server parses before serving the page to the user.SSI can lead to a Remote Command Execution (RCE), however most webservers have the exec directive disabled by default. This is a vulnerability very similar to a classical scripting language injection vulnerability. OWASP SSI Injection
Ready to learn more about Anvilogic?
Kickstart your security operations
Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.