SSI injection

SSI injection is a form of attack that can be used to compromise Web sites that contain SSI (server-side include) statements. An SSI is a variable value, such as a "Last modified" date, that a server can place in an HTML file. Before sending the file to the requester, the server searches the file for CGI (common gateway interface) environment variables and inserts the appropriate values in the places where "include" statements appear. In SSI injection, the variable values are modified by an external attacker. This can allow the attacker to add, alter or delete HTML files on the server. It can also make it possible for the attacker to gain access to server resources.

According to security experts, the main reason that SSI injection and similar exploits are on the rise is that application security is not sufficiently emphasized in software development. To protect the integrity of Web sites and applications, experts recommend implementing simple precautions during development, such as controlling the types and numbers of characters that Web servers accept from users.
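The precaution described above, sketched as an added example that is not part of the original definition: a server-side check that limits the length and character set of a user-supplied field, rejects Apache-style SSI directive openers (`<!--#`), and HTML-encodes the value before it is written into a page the server will parse. The 64-character limit, the allowed character set, the function names and the sample inputs are assumptions chosen for illustration.

```python
import html
import re

MAX_LEN = 64  # assumed per-field limit; tune to the field's real purpose
# Assumed allow-list: letters, digits, space and a little punctuation.
ALLOWED = re.compile(r"[A-Za-z0-9 .,'_-]*")
# Opening of an SSI directive as used by Apache mod_include.
SSI_DIRECTIVE = re.compile(r"<!--#", re.IGNORECASE)


def validate_field(value, max_len=MAX_LEN):
    """Return (accepted, reason) for one user-supplied field."""
    if len(value) > max_len:
        return False, "too long"
    if SSI_DIRECTIVE.search(value):
        # Reported separately so it can be logged and alerted on.
        return False, "ssi directive"
    if not ALLOWED.fullmatch(value):
        return False, "disallowed character"
    return True, "ok"


def encode_for_page(value):
    """HTML-encode a value so '<', '>' and quotes reach the page as
    entities and cannot form a directive the SSI parser would act on."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real log.
    samples = [
        "Alice O'Brien",
        '<!--#echo var="DATE_LOCAL" -->',
        "bob<b>",
        "A" * 65,
    ]
    for s in samples:
        ok, reason = validate_field(s)
        print(f"{reason:22} {encode_for_page(s)[:50]}")
```

Validation and encoding are complementary: the allow-list rejects unexpected input at the boundary, and encoding protects any page that still ends up echoing user data.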

This was first published in August 2006
