sQuo Posted May 30, 2013 Share Posted May 30, 2013 This is the hidden content, please Sign In or Sign Up SSI-Scan is a basic PoC tool that helps facilitate the discovery of SSI injection vulnerabilities, a fairly rare and underdocumented code injection vulnerability where Server Side Includes directives are executed without proper validation and may lead to a system compromise or complete server enumeration. At this point, SSI-Scan tests for injection by sending a POST request encapsulated with a hardcoded payload or through injecting forms specified by the user with a payload and looking for environment variable matches in the page source. SSI-Scan requires BeautifulSoup4 and mechanize. Example usage: This is the hidden content, please Sign In or Sign Up For more information on SSI injection: This is the hidden content, please Sign In or Sign Up )_Injection This is the hidden content, please Sign In or Sign Up SSI-Scan will be receiving more updates to its functionality. TnX && Credit: fnordbg Download This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
.webp.8407a83ac96563f75e1c428a1f0d4c3e.webp)
.webp.9a04cec050a656fab081ac190f971c3f.webp)
Hack Tools Resurrection
sQuo
Recommended Posts