SSIs are directives present on the Web applications. These directories are used to feed an HTML page with dynamic page contents. The SSIs are used to execute some actions before a page is loaded and while the page is being visualised. For performing this action, the web server analyses the SSI before showing the page to the user. There are many web server that permits SSI execution without any proper validation. This vulnerability can lead to an attacker accessing and manipulating the file system of the server. The attacker can then process under the permission of the web server’s administrator to completely exploit the system.
The below code is an example of SSI injection
This vulnerability can be fixed by:-