“SSI Injection (Server-side Include) is a server-side exploit technique
that allows an attacker to send code into a web application, which will
later be executed locally by the web server. SSI Injection exploits a
web application’s failure to sanitize user-supplied data before they
are inserted into a server-side interpreted HTML file.” – The Web Application Security Consortium Threat Classifications Project
What is Server Side Include Injection?
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack