SSI Injection

In this tutorial, I will write about SSI Injection hope you like it. =)

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

-Wikipedia

Server-side Include Injection gives us the power to execute OS commands or include a restricted files contents the next time the page is served.

First, you need to find vulnerable site. =D
Here are some dorks:

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Hope those are enough!

Time to test sites for vulnerability.

To find if the site is vulnerable, you should enter OS command.

Here are some example commands.

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Write one of those commands in text box, login/registration fields etc...



So when, you have find and test site for vulnerability its time to exploit it.
We are going to upload shell, you can download shells from my

[To see links please register here]

.
Ok, now you need .txt extension to your shell and you should upload it some where (hacked site, hosting...).
And, you should download it to the site who is vulnerable to SSI Injection. This is the command you should use.

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

So, if the text file is downloaded execute this command.

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

This coomand will show every file in the directory.
Now its time to change the extension to .php .

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Now run listen command again.

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

And, your shell should be .php run it if every thing is OK, you have successful exploit the site.

Nice tutorial. The grammar is decent as well.

Hm, I always get forwarded to nsa.gov when i try to upload my shell, seems like this is not working anymore :/

(11-09-2012, 12:47 PM)Oneiiros Wrote:

[To see links please register here]

Hm, I always get forwarded to nsa.gov when i try to upload my shell, seems like this is not working anymore :/

No idea, last time I exploit site with SSI Injection was before maybe year, I have try to exploit one site and I get into nsa.gov too, I will see what I can do.

Edit : Try attacking this site

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

, I haven't upload shell but i have try some commands and haven't redirect me to nsa.gov .

The user:
[an error occurred while processing this directive]
[an error occurred while processing this directive], does not exist, please try again

Seems like this isn't working anymore, but still a good tutorial!

Nice tutorial Synchro, you made it look easy!

~INST1NCT

Nice tutorial, old method but it's useful

Make sure you know what the target server is running. Apache SSI syntax is different from Nginx SSI syntax (and I think also different from Lighty).

EDIT: Quoting the whole OP is a bit obnoxious.

EDIT: Relevant documentation

Apache:

[To see links please register here]

Nginx:

[To see links please register here]

Lighty:

[To see links please register here]

(11-09-2012, 09:34 PM)Nohbdy Wrote:

[To see links please register here]

Make sure you know what the target server is running. Apache SSI syntax is different from Nginx SSI syntax (and I think also different from Lighty).

EDIT: Quoting the whole OP is a bit obnoxious.

EDIT: Relevant documentation

Apache:

[To see links please register here]

Nginx:

[To see links please register here]

Lighty:

[To see links please register here]

Thanks, I love when somebody add something I forget