Detections
Analytics
CGI Generic SSI Injection
high Nessus Plugin ID 42054
Language:
Synopsis
Arbitrary code may be run on the remote server.Description
The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to an 'SSI injection' attack. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.Solution
Disable Server Side Includes if you do not use them. Otherwise, restrict access to any vulnerable scripts and contact the vendor for a patch or upgrade.See Also
https://en.wikipedia.org/wiki/Server_Side_Includes
https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://projects.webappsec.org/w/page/13246964/SSI%20Injection
Plugin Details
Severity: High
ID: 42054
File Name: torture_cgi_SSI_injection.nasl
Version: 1.18
Type: remote
Family: CGI abuses
Published: 10/7/2009
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests