SSI Injection (Server-side Include) is a server-side exploit technique that allows an attacker to send code into a web application, which will later be executed locally by the web server. SSI Injection exploits a web application’s failure to sanitize user-supplied data before it is inserted into a server-side interpreted HTML file.
The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. It can be exploited through manipulation of SSI in use in the application or by forcing its use through user input fields.
If an attacker submits a Server-side Include statement, he may have the ability to execute arbitrary operating system commands, or include a restricted file’s contents the next time the page is served.
Description Taken From: http://nightcode.weebly.com/ssi-injection.html
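A defensive check for the flaw described above, as an added example that is not part of the original post: it scans request parameters for SSI directive syntax (element names as in Apache mod_include), including double URL-encoded forms, and escapes a value so it is inert if written into a server-parsed page. The request lines, paths and the PLACEHOLDER command are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# SSI directive opener, e.g. <!--#echo ...>; element names per Apache mod_include.
SSI_DIRECTIVE = re.compile(
    r"<!--#(config|echo|exec|fsize|flastmod|include|printenv|set|if|elif|else|endif)\b",
    re.IGNORECASE,
)

# Constructed sample requests (not real traffic); PLACEHOLDER stands in for a command.
SAMPLE_REQUESTS = [
    "/login.shtml?user=alice&pass=hunter2",
    "/login.shtml?user=%3C!--%23echo%20var%3D%22DATE_LOCAL%22%20--%3E&pass=x",
    "/search.shtml?q=%253C!--%2523exec%2520cmd%253D%2522PLACEHOLDER%2522%2520--%253E",
]


def decode_fully(value, max_rounds=3):
    """Undo nested URL-encoding so a double-encoded directive is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def ssi_elements(value):
    """Return the SSI element names found in one user-supplied value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(decode_fully(value))]


def scan_request(url):
    """Map each query parameter that carries an SSI directive to its elements."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        found = ssi_elements(value)
        if found:
            hits[name] = found
    return hits


def neutralize(value):
    """HTML-escape a value so it is inert if written into a server-parsed page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", scan_request(request) or "clean")
```

Escaping at output time is the actual fix; the scan is useful for alerting on access logs or form submissions to `.shtml` handlers.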
I will provide a few dorks for this type of injection.
The best dork I found is
inurl:bin/Cklb/
but it gave about 863 results so not that usable.
Let's get to work, shall we?
Enter
inurl:bin/Cklb/
in Google and go testing.
Once you have used that dork and opened a site, you must determine if the site is vulnerable to this type of injection.
Here are some commands you can use:
Credits: Stewie™
Will display the Date
Will show which user is running on the server
(Linux) Will display all files in the directory
(Windows) Will display all files in the directory
Note: You will need to use the
tags to have some commands executed.
Now take one of the commands and insert it in search boxes or login fields.
Mostly login fields are vulnerable, but there are some cases when search boxes are vulnerable.
NOTE: You must enter your command into both fields (if login fields are vulnerable!!)
I have my site for example:
http://dev.stockphotosamerica.com/bin/Cklb
PLEASE BE REASONABLE TO THIS SITE.
DO NOT RAPE IT!
And when I insert any command:
Now we see that our command successfully executed and that our site is vulnerable….
So we have our vulnerable site and we are ready to upload a shell.
First of all, you will need a .TXT of your favourite shell (host it somewhere: free hosting, hacked site or anything you've got).
Now we must download it to our site like this:
So insert your site where your shell is hosted in the command and you are ready to go.
Now just paste it into the fields and press Login or Enter.
To see if your .TXT file downloaded execute the command we used before:
If you see that it downloaded successfully now you must rename it from .txt to .php!
You can use this command
Rename the filenames to whatever you need (of course, you will need to put your .TXT name first).
My command:
Now list the files again and try to find your file.
If you did, now just access it.
That would be the end of this tutorial.
I hope you learned something and do not rape sites with this
(Be smart and use them)
Dorks
Credits: Stewie™
inurl:bin/Cklb/ - Best Dork
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
Vulnerable site to practice on:
Credits: Dan