What is SSI injection

pts.
Tags:
Access control
Application security
backdoors
Browsers
Current threats
Database
Development
Encryption
filtering
Hacking
human factors
Instant Messaging
Microsoft Exchange
Secure Coding
Servers
Spyware
SSL/TLS
Trojans
Viruses
Web security
worms
I recently read an article that mentioned SSI injection. I'm aware of SQL injection, but not SSI. Can anyone explain what it is and what should be done to protect against it? Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

A quick google found this:

http://www.webappsec.org/projects/threat/classes/ssi_injection.shtml

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mistoffeles
    In simple terms, it is any code that can get onto and run on a server that is not supposed to, making a SQL Injection a subcategory of an SSI Injection. Proper sanitization of incoming submissions is required to remove this sort of code, for example examining hidden fields the server has placed on a web page which have returned with different contents than what was placed in them originally, or data returned to the server from a result set it provided, which was not originally in the result set provided.
    0 pointsBadges:
    report
  • This213
    "In simple terms, it is any code that can get onto and run on a server that is not supposed to, making a SQL Injection a subcategory of an SSI Injection." No, server side include injection is not in the same category as SQL injection. The two use completely different functionality to attack a given script/site/application. Code that can get onto and run on servers it doesn't belong is called either a virus, a rootkit or a crack. SSI injection can lead to one of these, but SQL injection will most likely not. For a user to attack a site using SSI injection given the rudimentary definition at the link provided, they have to have permissions to write a web accessible file to the server. This is so they can write the code, then browse to it with a web browser to see the results. However, historically more common, a developer will use an unsafe command in an SSI command which a user then uses to attack the site, something like running an exec using form input. I say historically because there aren't that many sites out there using SSI. *Most* sites now run on PHP or ASP, both of which are capable of far more than simple SSI in a far more secure manner. On the other hand, SQL injection can be performed against any site or application which connects to a database. SQL injection is where a user enters unexpected values into a request field on a form which then exploits the database in some manner - such as returning data it's not supposed to or wiping out essential data. However, the only way a user can perform this type of attack against you is if you directly use the user input in your query without sanitizing it. In any case where the possible exploit comes from user input, Mistoffeles is right, make sure you sanitize it. In cases where a user has write permissions to a web accessible directory, your best bet is to jail them in that directory. If you can't do this for whatever reason, remove the SSI exec privelege from the web server.
    0 pointsBadges:
    report
  • This213
    "In simple terms, it is any code that can get onto and run on a server that is not supposed to, making a SQL Injection a subcategory of an SSI Injection." No, server side include injection is not in the same category as SQL injection. The two use completely different functionality to attack a given script/site/application. Code that can get onto and run on servers it doesn't belong is called either a virus, a rootkit or a crack. SSI injection can lead to one of these, but SQL injection will most likely not. For a user to attack a site using SSI injection given the rudimentary definition at the link provided, they have to have permissions to write a web accessible file to the server. This is so they can write the code, then browse to it with a web browser to see the results. However, historically more common, a developer will use an unsafe command in an SSI command which a user then uses to attack the site, something like running an exec using form input. I say historically because there aren't that many sites out there using SSI. *Most* sites now run on PHP or ASP, both of which are capable of far more than simple SSI in a far more secure manner. On the other hand, SQL injection can be performed against any site or application which connects to a database. SQL injection is where a user enters unexpected values into a request field on a form which then exploits the database in some manner - such as returning data it's not supposed to or wiping out essential data. However, the only way a user can perform this type of attack against you is if you directly use the user input in your query without sanitizing it. In any case where the possible exploit comes from user input, Mistoffeles is right, make sure you sanitize it. In cases where a user has write permissions to a web accessible directory, your best bet is to jail them in that directory. If you can't do this for whatever reason, remove the SSI exec privelege from the web server.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following