: An apache injection attack? I encountered a novel (to me anyway) form of injection attack in one of my logs login as  Which looks like someone it trying to trigger

I encountered a novel (to me anyway) form of injection attack in one of my
logs

login as 

Which looks like someone it trying to trigger sever side includes on
an apache server, if the input text was echoed into an error message.

Can apache even be configured to process SSI on it's output stream?
Or is there some more subtle vulnerability it's trying to exploit?

10.01% popularity Vote Up Vote Down

: Advice scaling website We could use advice on a scaling/ops issue. We have a simple website that runs on Rails 3.2.12 and uses MongoMapper instead of ActiveRecord. There is one database call

@Megan663

Posted in: #Performance #RubyOnRails #Scalability

0 Comments

: I want to redirect subdomain.domain1.com to domain2.com/directory using DNS I own 2 domain names "domain1.com" and "domain2.com", I want to redirect subdomain.domain1.com to domain2.com/directory using

@Megan663

Posted in: #Dns

2 Comments

: Featured Links/Blogroll (irrelevant links) in a blog is good or bad for SEO? While I’m checking my websites’ back links using backlink watch tool I saw so many backlinks are from Blogspots

@Megan663

Posted in: #Backlinks #Blogroll #Links #Seo

1 Comments

: Google only puts that particular display in the SERPs for forum sites that are hosted with common off the shelf forum software such as PHP-BB. Google never displays blog sites like that,

@Megan663

0 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Eichhorn148

This article shows how to do black box probing to test for SSI Injection exploits using text very similar to what you describe.

An exploit would certainly be possible in the case that the text is written to a file and subsequently served by the webserver that supports SSI (whether or not that site otherwise uses SSI at all). I am not aware of a way that Apache can process SSI in the output stream.

10% popularity Vote Up Vote Down

Feed

: An apache injection attack? I encountered a novel (to me anyway) form of injection attack in one of my logs login as  Which looks like someone it trying to trigger

More posts by @Megan663

: Advice scaling website We could use advice on a scaling/ops issue. We have a simple website that runs on Rails 3.2.12 and uses MongoMapper instead of ActiveRecord. There is one database call

: I want to redirect subdomain.domain1.com to domain2.com/directory using DNS I own 2 domain names "domain1.com" and "domain2.com", I want to redirect subdomain.domain1.com to domain2.com/directory using

: Featured Links/Blogroll (irrelevant links) in a blog is good or bad for SEO? While I’m checking my websites’ back links using backlink watch tool I saw so many backlinks are from Blogspots

: Google only puts that particular display in the SERPs for forum sites that are hosted with common off the shelf forum software such as PHP-BB. Google never displays blog sites like that,

Login to post a comment!

1 Comments

Back to top | Use Dark Theme