Tell me more ×
Webmasters Stack Exchange is a question and answer site for pro webmasters. It's 100% free, no registration required.
up vote 3 down vote favorite
2

I encountered a novel (to me anyway) form of injection attack in one of my logs

login as <!--#exec cmd="ls .."-->

Which looks like someone it trying to trigger sever side includes on an apache server, if the input text was echoed into an error message.

Can apache even be configured to process SSI on it's output stream? Or is there some more subtle vulnerability it's trying to exploit?

share|improve this question

1 Answer

up vote 3 down vote accepted
+50

This article shows how to do black box probing to test for SSI Injection exploits using text very similar to what you describe.

An exploit would certainly be possible in the case that the text is written to a file and subsequently served by the webserver that supports SSI (whether or not that site otherwise uses SSI at all). I am not aware of a way that Apache can process SSI in the output stream.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.