Is Server-Side Includes injection really common vulnerability? And how can I detect it - is there some way like automatic tools or some kind of fingerprint test or do I have to just play with input?
Asked
Active
Viewed 170 times
1
-
1There are different types of “server side” injection (XSS, brute force, sql injection, etc..) Did you have a specific type of attack in mind or just interested in finding all server side vulnerabilities? – pm1391 Nov 19 '19 at 15:46
-
OWASP Zap can detect it. – postoronnim Nov 19 '19 at 15:47
-
1Yeah, I meant SSI injection - like specifically that type of injection , I read in owasp that it is common vulnerability and because I never noticed app that would be using some server-side includes so I was surprised to read that . – Martin Sutovsky Nov 19 '19 at 15:55
-
1SSI is rarely used now. It was common in the 90’s, along with CGI. – Gaius Nov 19 '19 at 18:02
1 Answers
1
Not particularly common anymore.
One exception would be web interfaces for embedded devices as many of these just shell out to bash commands and don’t escape well if at all, but again, this is rare to see on a public facing anything these days.
Luke Mlsna
- 134
- 4