Server-Side Includes Injection (SSI injection)


Server-Side Includes (SSI) are directives placed in web application pages to feed an HTML page with dynamic content. They are similar to CGIs, except that SSIs are used to execute actions before the current page is loaded or while it is being displayed. To do so, the web server parses the SSI directives before supplying the page to the user.

The Server-Side Includes Injection (SSI Injection) attack allows the exploitation of a web application by injecting scripts into HTML pages or executing arbitrary code remotely. It can be carried out by manipulating SSI directives already in use in the application or by forcing their use through user input fields.

In a successful Server-Side Includes Injection attack, the threat actor can access sensitive information, such as password files, and execute shell commands. The SSI directives are injected into input fields and sent to the web server, which parses and executes them before supplying the page. The result of the attack is then visible the next time the page is loaded in the user’s browser.
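
As an added example (not part of the original page), the Python sketch below screens submitted form fields for the opening token of an SSI directive and HTML-encodes a value so the server's SSI parser no longer sees that token. It assumes the Apache mod_include style syntax `<!--#element ... -->`; the field names and sample values are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# SSI directives (Apache mod_include style, assumed here) start with "<!--#"
# followed by an element name. Match the opening token only: an unterminated
# directive can still be closed by a later "-->" already present in the page.
SSI_OPEN = re.compile(r"<!--#([a-z]+)", re.IGNORECASE)

# Elements that run commands or pull in files are the highest risk.
HIGH_RISK = {"exec", "include"}


def find_ssi_elements(value):
    """Return the SSI element names found in one input value."""
    decoded = unquote(value)  # also flag percent-encoded attempts in raw data
    return [m.group(1).lower() for m in SSI_OPEN.finditer(decoded)]


def screen_fields(fields):
    """Check each form field and report (field, element, severity) tuples."""
    findings = []
    for name, value in fields.items():
        for element in find_ssi_elements(value):
            severity = "high" if element in HIGH_RISK else "medium"
            findings.append((name, element, severity))
    return findings


def neutralize(value):
    """HTML-encode input so a stored value never contains a literal '<!--#'."""
    return html.escape(value, quote=True)


# Constructed sample submission (hypothetical field names and values).
SAMPLE_FORM = {
    "name": "Alice",
    "comment": '<!--#exec cmd="id" -->',
    "signature": '<!--#echo var="DATE_LOCAL"',  # unterminated directive
    "homepage": "%3C!--%23include%20file%3D%22x%22%20--%3E",
    "note": "<!-- an ordinary HTML comment -->",
}

if __name__ == "__main__":
    for finding in screen_fields(SAMPLE_FORM):
        print(finding)
    print(neutralize(SAMPLE_FORM["comment"]))
```

Encoding on output is the control; the screening function is for logging and alerting, since an ordinary HTML comment such as the `note` field is legitimate and is not flagged.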
