August 10th, 2003, 07:03 PM
#2
Re: SSI Exploitation
Originally posted here by Kulay
How does SSI exploitation work?
That's not exactly the type of thing to be asking around here. In fact I think this is only half a step above asking how hotmail "hacking" works. But I'm bored so I'm just going to go ahead and answer your stupid ****ing question...
If I remember correctly... if there is a script that prints the output in a .shtml file then it might be possible to insert file includes, and if it has shitty server configuration you've also got execution of commands. Below this is a very poor example of an attacker inserting SSI tags into the Referrer and User-Agent fields. Depending on whether the software outputs this information as text or in image form this could possibly lead to possible file includes or maybe even command execution.
______________________________________
su-2.05# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Referer:
User-Agent:
HTTP/1.1 200 OK
Date: Sun, 10 Aug 2003 00:0:00 GMT
Server: Sux
Connection: close
Content-Type: text/html
______________________________________
I hope the lame question has been successfully answered. And by the way dude, you're welcome ya damn moron.
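
Added example, not part of the original post: a defender-side check for the pattern the post above describes, where Referer and User-Agent values end up in a page the server parses for SSI. It assumes Apache combined log format; the function names and the sample log lines are constructed for illustration.

```python
import html
import re

# An SSI directive starts with "<!--#" followed by the directive name.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*(\w+)")

# Apache combined log format; quoted fields may contain backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    + QUOTED.replace("(", "(?P<referer>", 1) + " "
    + QUOTED.replace("(", "(?P<agent>", 1) + "$"
)

def find_ssi_in_headers(log_lines):
    """Return (ip, field, directive) for every logged header carrying an SSI directive."""
    hits = []
    for line in log_lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for field in ("referer", "agent"):
            for d in SSI_DIRECTIVE.finditer(m.group(field)):
                hits.append((m.group("ip"), field, d.group(1).lower()))
    return hits

def render_header_for_shtml(value):
    """Escape a client-supplied header before writing it into an SSI-parsed page.

    After escaping, no literal "<!--#" remains, so the SSI parser sees plain text.
    """
    return html.escape(value, quote=True)

# Constructed sample log lines (documentation IP ranges, benign directives).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2003:00:00:01 +0000] "GET / HTTP/1.0" 200 512 '
    '"http://example.test/" "Mozilla/4.0"',
    '192.0.2.77 - - [10/Aug/2003:00:00:05 +0000] "GET / HTTP/1.0" 200 512 '
    '"<!--#echo var=\\"DATE_LOCAL\\" -->" "<!--#printenv -->"',
]

if __name__ == "__main__":
    for ip, field, directive in find_ssi_in_headers(SAMPLE_LOG):
        print(f"{ip}: SSI directive '{directive}' in {field}")
    print(render_header_for_shtml('<!--#printenv -->'))
```

Escaping at output time is the fix; the log scan only tells you whether someone has been probing for the unescaped case.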