Jump to content
io.kent

SSI-Scan [SSI injection scanner]

By io.kent, in Programe hacking

Recommended Posts

io.kent Newbie

io.kent

Posted
Posted

hck.jpg

SSI-Scan is a basic PoC tool that helps facilitate the discovery of SSI injection vulnerabilities, a fairly rare and underdocumented code injection vulnerability where Server Side Includes directives are executed without proper validation and may lead to a system compromise or complete server enumeration.

At this point, SSI-Scan tests for injection by sending a POST request encapsulated with a hardcoded payload or through injecting forms specified by the user with a payload and looking for environment variable matches in the page source.

SSI-Scan requires BeautifulSoup4 and mechanize.

Example usage: 

python ssi-scan.py -u http://example.com
python ssi-scan.py -u http://example.com –form_uname username –form_passwd password

For more information on SSI injection:

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://capec.mitre.org/data/definitions/101.html

SSI-Scan will be receiving more updates to its functionality.

TnX && Credit: fnordbg

sursa: SSI-Scan [sSI injection scanner] | CyberPunk

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...