Re: SSI Injection Question

[Mark Rafn <dagon () DAGON NET>]

On Fri, 1 Sep 2000, Max wrote:

> Please excuse me if this has already been discussed, or I end up
> sounding really stupid.

[excused, but I request that some exploration be done before posting.
This is answered for Apache in the FAQ F.9.]

> Imagine you had a CGI script (i.e search engine), that would return
> input entered by the user to some sort of result page, for example,
> "no matches for pretzel". Now, imagine again that this result had an
> extention that was listed to be run over by the SSI interperator.
>
> What would happen if you passed a string like "<!--#include
> virtual="/etc/password"-->"?

This is going to be server-dependent, but I don't know of any servers
that parse script output this way.  CGI output goes straight (more or
less) to the client, not piped through another scripting stage.
--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>