https://issues.apache.org/bugzilla/show_bug.cgi?id=57330
--- Comment #10 from Christophe JAILLET <[email protected]> --- Based on google and code in the screenshot, the application used seems to be: https://github.com/theand/bwapp/blob/master/bWAPP/ssii.php What you described is not a problem or bug in apache or mod_include. It is the way SSI is used in this "buggy web application" (see comment at the beginning of URL above) which is bad. In this "application", any user is "allowed" to write "anything" in a SSI file and then executes it. SSI files are not intended to be generated "on the fly" as in your example. Should they be, then it is your responsibility to validate what is generated in order to avoid mis-behavior or security related problems. (In reply to Mahmoud El Manzalawy from comment #9) > you mean in this site or in ather site ? So, to answer this, I would say that there is no need to report it anywhere. The script is "badly" written "in purpose" for "educational purposes only" and should be used only for that. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
