Attackers often exploit security vulnerabilities in web applications and inject their malicious codes into the server to steal sensitive data, spread malware, or do other malicious activities. The Server Side Includes injection attack, or SSI injection attack is one such attack. In the SSI injection attack, the attacker takes advantage of security vulnerabilities of web applications to inject their malicious code using Server Side Includes directives and perpetrate the attack. Let’s try to understand how the attack works.
What is Server Side Includes or SSI?
Nowadays, most of the web servers handle dynamic pages. It takes input from the user in the form of a text box, radio buttons, pictures, etc. The information is passed to a program in the web server, which then processes the information and generates output. The output is sent back to our browser, and our browser finally displays the HTML page.
But, at times, dynamically generating the whole page becomes inefficient, and it is not needed either. Instead, some page content can be dynamically generated and added to an existing HTML page. Server Side Includes (SSI) are directives that are used for that purpose. Using these directives, dynamic contents can be embedded into an existing HTML page and then displayed.
For example, a webpage may display local date and time to a visitor. Dynamically generating the page every time using some program or dynamic technology may be inefficient. Instead, one can put the following SSI directive to an existing HTML page:
<!–#echo var=”DATE_LOCAL” –>
As a result, whenever the page is served to the client, this particular fragment is evaluated and replaced with the current local date and time:
Sunday, 25-Jan-2016 12:00:00 EST
The decision of whether to use SSI directives to generate a particular fragment of the page dynamically or to generate the whole page dynamically using some dynamic technology often depends on how much of the page is to be dynamically generated. If a major part of the page content is to be dynamically generated, then SSI may not be a good solution.
What is the SSI injection attack, and how does it work?
In the SSI injection attack, the attacker first finds out whether a web application is vulnerable …
0 Comments