SSI Injection

This class of attacks allows an attacker to transmit executable code that is then executed on the web server. The vulnerabilities that make these attacks possible usually come down to missing validation of user-supplied data before it is saved into a file that the server interprets. Before generating an HTML page, the server can execute scripts (for example, Server-side Includes, or SSI). In some cases the page source is generated from data supplied by the user. If the attacker sends SSI directives, they gain the ability to execute OS commands or to insert prohibited content that is then displayed when the page is served.
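The missing verification step described above, as an added example that is not part of the original page: user input is checked for SSI directive openings (for alerting) and is always HTML-escaped before it is written into a server-parsed page. The function names, the save step and the sample inputs are assumptions constructed for illustration; the directive names are those of Apache mod_include.

```python
import html
import re

# Opening of an SSI directive such as <!--#exec or <!--#include.
# Whitespace around '#' is tolerated so the check errs toward flagging.
SSI_OPEN = re.compile(r"<!--\s*#\s*([A-Za-z]+)")

# mod_include directives that run commands or pull in other files.
HIGH_RISK = {"exec", "include"}


def find_ssi_directives(value: str) -> list[str]:
    """Return lower-cased names of SSI directives found in user input."""
    return [m.group(1).lower() for m in SSI_OPEN.finditer(value)]


def classify(value: str) -> str:
    """Label input for logging/alerting: clean, suspicious or high."""
    names = set(find_ssi_directives(value))
    if not names:
        return "clean"
    return "high" if names & HIGH_RISK else "suspicious"


def encode_for_parsed_page(value: str) -> str:
    """HTML-escape the value so '<!--#' never reaches the parsed file intact."""
    return html.escape(value, quote=True)


def store_comment(value: str, page_lines: list[str]) -> str:
    """Hypothetical save step: record the verdict, store only encoded text."""
    verdict = classify(value)
    page_lines.append("<p>" + encode_for_parsed_page(value) + "</p>")
    return verdict


# Constructed sample inputs (not taken from any real log).
SAMPLES = [
    "Nice article!",
    '<!--#echo var="DATE_LOCAL" -->',
    '<!--#EXEC cmd="CONSTRUCTED" -->',
]

if __name__ == "__main__":
    page: list[str] = []
    for s in SAMPLES:
        print(store_comment(s, page), "->", page[-1])
```

Encoding is applied to every value regardless of the verdict; the verdict only feeds logging, so a missed pattern in the detector does not leave a raw directive in the stored page.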