
SSI Server Side Include Injection Shell - FOCSoft

Assalam O Alikum Dear Friends
SSI (server-side include) injection is a web application exploit: you can put your code remotely onto vulnerable websites.
Server-side include allows you to upload files with multiple extensions, but you can't execute your shell with the .php extension; you have to rename shell.txt to shell.php.
Let's begin ...

Dorks :


inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=




Try any dork or find sites manually.
To check the vulnerability of websites, enter these commands in username and password:




It will show the date





It will display which user is running on the server



 (Linux)


It will show all files in the directory


(Windows)


It will display all files in the directory







for example enter


in username and password to view all files of website


now we have to upload our deface page or shell
to upload a deface page, host/upload your deface page anywhere
you can use pastehtml.com for it,
then enter this command in username and password




to view your deface page go to site.com/deface.html

to upload a shell on website you have to host your shell anywhere in .txt format
then enter this command in login





to check whether your txt file is uploaded or not, list all files using



now you have to change the .txt extension to .php
to rename your txt file to php use this command


now go to site.com/abc.php and access your shell
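
Seen from the defending side, everything above depends on login-form input reaching a server-parsed page unescaped. The following is an added example, not part of the original post: a Python check that flags SSI directives in submitted form fields (including percent-encoded ones) and escapes values before they are reflected. The element names follow Apache mod_include; the function names and sample request bodies are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

# Element names documented for Apache mod_include (assumption: other SSI
# engines may accept a different set).
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(exec|include|echo|printenv|set|config|fsize|flastmod)\b",
    re.IGNORECASE,
)

# Constructed form bodies: a normal login, a probe, a double-encoded probe.
SAMPLES = [
    "username=alice&password=correct+horse",
    "username=%3C!--%23echo+var%3D%22DATE_LOCAL%22+--%3E&password=x",
    "username=bob&password=%253C!--%2523ECHO%2520var%253D%2522DATE_LOCAL%2522--%253E",
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so layered encodings cannot hide a directive."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ssi(value):
    """Return the lower-cased SSI element names found in one field value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(fully_decode(value))]


def scan_form_body(body):
    """Map each form field to the SSI elements found in its value."""
    hits = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        found = find_ssi(value)
        if found:
            hits[field] = found
    return hits


def neutralize(value):
    """HTML-escape a value before reflecting it into a server-parsed page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_form_body(body) or "clean")
```

Escaping turns the leading `<` into `&lt;`, so a reflected value is no longer a directive when the server parses the page; the scan is a logging and alerting aid, not a replacement for escaping.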


1 Comments:

  1. This tutorial is not so clear..as many commands are missing..kindly correct it..
    regards

