Server-side Include Injection (SSI) vulnerabilities occur when the application allows creation of files that contain Server-side Include directives. If an attacker is able to create files that contain Server-side Include directives, and then is able to cause the server to execute these directives by issuing HTTP requests for these files, the attacker will be able to execute arbitrary system commands on the server with the privileges of the web server daemon.
All web applications are affected by Server-side Include Injection vulnerabilities.
The impact of Server-side Include Injection vulnerabilities is that the attacker will be able to execute arbitrary system commands on the server with the privileges of the web server daemon. The attacker will usually abuse this ability to upload malicious code that will allow him to take full control of the application and its data. If the attacker is able to leverage additional vulnerabilities or the server is not configured properly, this vulnerability may allow him to take full control of the server.
To prevent Server-side Include injection vulnerabilities, validate all user input and scramble file names of uploaded files.
To verify that server-side include injection vulnerabilities are prevented, make sure that all user input is validated and that file names of uploaded files are scrambled.
- For more information about SSI injection, see http://projects.webappsec.org/w/page/13246964/SSI%20Injection