SSI — Server Side Include Injection

Content:

  • Introduction
  • SSI Injection Vulnerability & Detection
  • SSI Injection Attack Scenario
  • Mitigations of SSI Injection Vulnerability
  • Conclusion
  • Sanitizing the HTML inputs
  • Encoding the user input before rendering the pages
  • Proper configuration of server for dynamic content parsing
  • Avoid having pages with the extension mentioned before
