Tuesday, July 16, 2013

Ssiscan - SSI injection scanner

SSI-Scan is a basic PoC tool that helps discover SSI injection vulnerabilities, a fairly rare and underdocumented class of code injection in which Server Side Includes directives are executed without proper validation, which may lead to a system compromise or complete server enumeration.

At this point, SSI-Scan tests for injection in one of two ways: by sending a POST request carrying a hardcoded payload, or by injecting a payload into forms specified by the user. In both cases it then looks for environment variable matches in the page source.

SSI-Scan requires BeautifulSoup4 and mechanize.

Example usage:
python ssi-scan.py -u http://example.com
python ssi-scan.py -u http://example.com --form_uname username --form_passwd password
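
From the defending side, the same form fields can be checked before their values reach a server-parsed page. The following is an added example, not part of SSI-Scan or the original post; the function names and the sample request bodies are constructed for illustration, and it assumes form values arrive as a urlencoded POST body.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

# An SSI directive has the form <!--#element attribute="value" -->
SSI_DIRECTIVE = re.compile(r"<!--#([a-z]+)", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested encodings cannot hide a directive."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssi_directives(value):
    """Return the lowercased directive names present in one input value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(fully_decode(value))]

def audit_form_body(body):
    """Map each form field in a urlencoded body to the SSI directives it carries."""
    findings = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        hits = find_ssi_directives(value)
        if hits:
            findings[field] = hits
    return findings

def neutralize(value):
    """HTML-encode a value so it cannot form a directive in a server-parsed page."""
    return html.escape(value, quote=True)

# Constructed sample POST bodies (not captured traffic).
SAMPLE_BODIES = [
    "username=alice&password=hunter2",
    "username=%3C%21--%23echo+var%3D%22DATE_LOCAL%22+--%3E&password=x",
    # Same directive, percent-encoded twice.
    "username=bob&password=%253C%2521--%2523echo+var%253D%2522DATE_LOCAL%2522+--%253E",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(audit_form_body(body) or "clean")
```

Encoding on output is one mitigation; where the application has no need for Server Side Includes, disabling them in the web server removes the issue entirely.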

For more information on SSI injection:

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://capec.mitre.org/data/definitions/101.html

Source-
