sQuo Posted May 30, 2013 Share Posted May 30, 2013 This is the hidden content, please Sign In or Sign Up SSI-Scan is a basic PoC tool that helps facilitate the discovery of SSI injection vulnerabilities, a fairly rare and underdocumented code injection vulnerability where Server Side Includes directives are executed without proper validation and may lead to a system compromise or complete server enumeration. At this point, SSI-Scan tests for injection by sending a POST request encapsulated with a hardcoded payload or through injecting forms specified by the user with a payload and looking for environment variable matches in the page source. SSI-Scan requires BeautifulSoup4 and mechanize. Example usage: This is the hidden content, please Sign In or Sign Up For more information on SSI injection: This is the hidden content, please Sign In or Sign Up )_Injection This is the hidden content, please Sign In or Sign Up SSI-Scan will be receiving more updates to its functionality. TnX && Credit: fnordbg Download This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts