We covered the solution to the H.A.S.T.E Vulnhub machine and demonstrated a Server-Side Includes (SSI) injection that led to access to the target machine.
Server Side Includes Injection
SSIs are web application directives used to provide dynamic content to an HTML page. They are comparable to CGIs, except that SSIs are used to carry out certain actions either before the current page loads or while the page is being rendered. To do this, the web server parses the SSI directives before sending the page to the user.
A web application can be exploited through a Server-Side Includes attack by injecting scripts into HTML pages or by remotely executing arbitrary commands. The attack can be carried out by manipulating SSI that the application already uses or by forcing its use through user input fields.
You can determine whether the application correctly validates data entered in input fields by submitting characters that are used in SSI directives, such as these:
< ! # = / . " - > and [a-zA-Z0-9]
Checking for pages with the extensions .stm, .shtm, and .shtml is another way to find out whether the application is susceptible. Note that the absence of such pages does not mean the application is protected from SSI attacks.
In any case, the attack succeeds only if the web server permits SSI execution without sufficient validation. This may result in file system and process access and manipulation with the permissions of the web server process owner.
The attacker is able to run shell commands and obtain private data, including password files. Input fields receive the SSI instructions, which are then transmitted to the web server. Before delivering the page, the web server parses and applies the directives. The next time the user’s browser loads the page, the attack result will be visible.
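The validation check described above, seen from the defending side, as an added example that is not part of the original post: it decodes submitted field values, reports any SSI directive they carry, and HTML-encodes input before it is written into a parsed page. The function names and sample submissions are constructed for illustration, and the directive list assumes Apache mod_include.

```python
import html
import re
from urllib.parse import unquote_plus

# Directive names from Apache mod_include; other servers may support a different set.
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(include|exec|echo|config|fsize|flastmod|printenv|set|if|elif|else|endif)\b",
    re.IGNORECASE,
)
SSI_EXTENSIONS = (".stm", ".shtm", ".shtml")


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in its final form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ssi_directives(value):
    """Return the lower-cased directive names found in a (possibly encoded) input value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(decode_fully(value))]


def neutralize(value):
    """HTML-encode input so '<', '>' and '"' can no longer open a directive."""
    return html.escape(value, quote=True)


def is_ssi_page(path):
    """True when the path uses an extension servers commonly parse for SSI."""
    return path.lower().split("?", 1)[0].endswith(SSI_EXTENSIONS)


# Constructed form submissions: (field value, page that later renders it).
SAMPLES = [
    ("Alice", "/feedback.shtml"),
    ("%3C!--%23echo%20var%3D%22DATE_LOCAL%22%20--%3E", "/feedback.shtml"),
    ("%253C!--%2523PRINTENV%2520--%253E", "/index.php"),
]


def triage(samples):
    """Pair each sample's directives with whether its page has an SSI extension."""
    return [(find_ssi_directives(v), is_ssi_page(p)) for v, p in samples]
```

The third sample is flagged even though its page is not an .shtml file, in line with the point that the absence of those extensions is not a reason to skip the check.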