[Bug 57330] New: Server Side Includes ~ SSI~Injection

bugzilla Mon, 08 Dec 2014 08:07:19 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=57330


            Bug ID: 57330
           Summary: Server Side Includes ~ SSI~Injection
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_include
          Assignee: [email protected]
          Reporter: [email protected]

hello guys mahmoud on mic : )

First Web Server/Host must support "Server Side Includes" .

http://httpd.apache.org/docs/current/mod/mod_include.html

the bug  from Check input in this code

http://im76.gulfup.com/HxiDCr.png

whene you open ssii file

and write first name and last name  will redirct to SHTML. ssi and print my
first name and  ip


http://im76.gulfup.com/8wIXzh.png

http://im76.gulfup.com/PcyQrj.png

ok let me change first name and last name to command by  Brup suite

http://im76.gulfup.com/z4IoDu.png

and use this command

<!--#exec cmd="cat /etc/passwd" --> 

<!--#echo var="DOCUMENT_NAME" --> 

http://im76.gulfup.com/N0ec8K.png


result bypass security and read etc/passwd

http://im76.gulfup.com/3rBVGT.png


Sorry about my bad english hope you guys can understand:-) :D

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 57330] New: Server Side Includes ~ SSI~Injection

Reply via email to