Server-Side Includes(SSI) Injection

Industry: N/A | Level: | Source: OWASP

Web servers usually give developers the ability to add small pieces of dynamic code inside static HTML pages, without having to deal with full-fledged server-side or client-side languages. This feature is provided by Server-Side Includes(SSI), which are directives the web server parses before serving the page to the user.SSI can lead to a Remote Command Execution (RCE), however most webservers have the exec directive disabled by default. This is a vulnerability very similar to a classical scripting language injection vulnerability. OWASP SSI Injection