SSIs (Server-Side Includes) are directives present on web applications. These directories are used to feed an HTML page with dynamic page content.
SSIs are used to execute some actions before a page is loaded and while the page is being visualized.
For performing this action, the web server analyses the SSI before showing the page to the user.
What is SSI Injection?
SSI Injection allows an attacker to access and manipulate the file system of web servers that permit SSI execution without any proper validation.
The attacker can then process with the permission of the web server’s administrator to completely exploit the system.
Example of SSI injection
The below code is an example of SSI injection
Impact of SSI injection
- Reading, updating and deleting arbitrary data/tables from the database
- Executing commands on the underlying operating system
How to prevent SSI injection
This vulnerability can be fixed by:-
- Disabling SSI execution on pages that do not require it.
- For pages requiring SSI, only enable the SSI directives that are needed for this page and disable all others.
- Encode user supplied data before passing it to a page with SSI execution permissions.
- Use SUExec[5] to have the page execute as the owner of the file instead of the web server user.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.