SSI-Scan [SSI injection scanner]

poqun

SSI-Scan is a basic PoC tool that helps facilitate the discovery of SSI injection vulnerabilities, a fairly rare and underdocumented code injection vulnerability where Server Side Includes directives are executed without proper validation and may lead to a system compromise or complete server enumeration.

At this point, SSI-Scan tests for injection by sending a POST request encapsulated with a hardcoded payload or through injecting forms specified by the user with a payload and looking for environment variable matches in the page source.

SSI-Scan requires BeautifulSoup4 and mechanize.


SSI-Scan will be receiving more updates to its functionality.

TnX && Credit: fnordbg
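
A defensive counterpart to the check described in the post, as an added example that is not part of the original post or of SSI-Scan: it flags Server Side Includes directives in urlencoded POST bodies, including double-encoded ones, and escapes values before they are written into a page the server parses for includes. The function names, the risk labels and the sample request bodies are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus

# Directive names documented for Apache mod_include.
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(echo|exec|include|printenv|set|config|fsize|flastmod)\b",
    re.IGNORECASE,
)
HIGH_RISK = {"exec", "include"}  # run commands or pull in other resources

# Constructed sample POST bodies (not captured traffic).
SAMPLES = [
    "name=alice&comment=hello+world",
    "name=bob&comment=%3C%21--%23echo+var%3D%22DATE_LOCAL%22+--%3E",
    "q=%253C%2521--%2523include%2520virtual%253D%2522PLACEHOLDER%2522%2520--%253E",
]


def scan_form_body(body):
    """Return (field, directive, risk) for each SSI directive found in a form body."""
    findings = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        seen = set()
        # parse_qsl decodes once; decode a second time to catch double encoding.
        for text in (value, unquote_plus(value)):
            for match in SSI_DIRECTIVE.finditer(text):
                name = match.group(1).lower()
                if name not in seen:
                    seen.add(name)
                    risk = "high" if name in HIGH_RISK else "medium"
                    findings.append((field, name, risk))
    return findings


def neutralize(value):
    """HTML-escape a value so '<!--#' is never emitted into a parsed page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_form_body(body) or "clean", "<-", body[:40])
```

Escaping on output is the actual fix; the scan is for logging and alerting. On Apache, `Options IncludesNOEXEC` additionally disables the `exec` directive where includes are still needed.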
