Posted to rivet-dev@tcl.apache.org by bu...@apache.org on 2014/12/08 09:36:18 UTC

[Bug 57325] New: Server Side Includes SSI Injection

https://issues.apache.org/bugzilla/show_bug.cgi?id=57325

            Bug ID: 57325
           Summary: Server Side Includes  SSI Injection
           Product: Rivet
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rivet Core Commands
          Assignee: rivet-dev@tcl.apache.org
          Reporter: is4curity@gmail.com
                CC: mxmanghi@apache.org

Server Side Includes SSI Injection commands and read file on server

Description in attachment with photo

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org


[Bug 57325] Server Side Includes SSI Injection

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57325

--- Comment #2 from Mahmoud El Manzalawy <is...@gmail.com> ---
Hello guys, Mahmoud on mic :)

Server Side Includes ~ SSI~Injection

First, the web server/host must support "Server Side Includes".

http://httpd.apache.org/docs/current/mod/mod_include.html

The bug is from the input check in this code

http://im76.gulfup.com/HxiDCr.png

When you open the ssii file and write a first name and last name, it will
redirect to SHTML. ssi and print my first name and IP


http://im76.gulfup.com/8wIXzh.png

http://im76.gulfup.com/PcyQrj.png

OK, let me change the first name and last name to commands using Burp Suite

http://im76.gulfup.com/z4IoDu.png

and use this command

<!--#exec cmd="cat /etc/passwd" --> 

<!--#echo var="DOCUMENT_NAME" --> 

http://im76.gulfup.com/N0ec8K.png


Result: bypass security and read etc/passwd

http://im76.gulfup.com/3rBVGT.png


Sorry about my bad English, hope you guys can understand :-) :D

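Added example, not part of the original thread and not code from Rivet or from the reported application: one way to keep submitted form fields from being parsed as SSI directives by mod_include, by HTML-encoding them before they are written into the .shtml page and recording which directives were attempted. The template, the field names and the function names are hypothetical, since the reported code is only shown in a screenshot.

```python
import html
import re

# Start of an SSI directive as mod_include recognises it: "<!--#" + element name.
# Matching only the start also catches a directive that is left unterminated.
SSI_START = re.compile(r"<!--#([A-Za-z]+)")

# Hypothetical page template (assumption). The REMOTE_ADDR echo is the page's
# own, trusted directive; everything placed in {first}/{last} is untrusted.
TEMPLATE = (
    "<p>Hello {first} {last},</p>\n"
    '<p>Your IP address is: <!--#echo var="REMOTE_ADDR" --></p>\n'
)


def find_ssi_elements(value):
    """Return the lower-cased element names of SSI directives found in value."""
    return [m.group(1).lower() for m in SSI_START.finditer(value)]


def render_field(value):
    """HTML-encode a field so '<' becomes '&lt;' and no '<!--#' survives."""
    return html.escape(value, quote=True)


def build_shtml(first, last):
    """Build the .shtml body; return (body, findings) so findings can be logged."""
    findings = {}
    for name, value in (("firstname", first), ("lastname", last)):
        elements = find_ssi_elements(value)
        if elements:
            findings[name] = elements
    body = TEMPLATE.format(first=render_field(first), last=render_field(last))
    return body, findings


if __name__ == "__main__":
    # Inputs are the two directives quoted in the comment above.
    body, findings = build_shtml(
        '<!--#exec cmd="cat /etc/passwd" -->',
        '<!--#echo var="DOCUMENT_NAME" -->',
    )
    print(findings)
    print(body)
```

On the server side, Apache's `Options +IncludesNOEXEC` keeps SSI enabled while disabling `#exec cmd` and `#exec cgi`, which limits the impact if an unencoded field ever reaches a parsed page.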


[Bug 57325] Server Side Includes SSI Injection

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57325

Massimo Manghi <mx...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Massimo Manghi <mx...@apache.org> ---
Bug notification unexplained and therefore invalid
