4.6  SSI Injection
SSI Injection (Server-side Include) is a server-side exploit technique
that allows an attacker to send code into a web application, which will
later be executed locally by the web server. SSI Injection exploits a
web application's failure to sanitize user-supplied data before they
are inserted into a server-side interpreted HTML file.
Before serving an HTML web page, a web server may parse and
execute Server-side Include statements before providing it to the
user. In some cases (e.g. message boards, guest books, or content
management systems), a web application will insert user-supplied
data into the source of a web page.
If an attacker submits a Server-side Include statement, he may have
the ability to execute arbitrary operating system commands, or
include a restricted file's contents the next time the page is served.
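The sanitization step whose absence is described above can be sketched as follows. This is an added illustration, not part of the original text; the function names and the guest-book layout are assumptions, and the sample submission is constructed and uses the harmless echo directive.

```python
import html
import re

# Matches the opening of an SSI directive such as <!--#echo ... -->.
# Detection is deliberately loose: whitespace and mixed case are tolerated.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([a-z]+)", re.IGNORECASE)


def find_ssi_directives(text):
    """Return the directive names (lowercased) found in the given text."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(text)]


def render_entry_unsafe(author, message):
    """The flaw described above: user data copied into the page verbatim."""
    return "<p><b>{}</b>: {}</p>\n".format(author, message)


def render_entry(author, message):
    """Build one guest-book entry for a server-parsed page (hypothetical layout).

    html.escape turns '<' and '>' into entities, so the stored text can no
    longer form the '<!--#' sequence that an SSI parser looks for.
    """
    return "<p><b>{}</b>: {}</p>\n".format(
        html.escape(author, quote=True), html.escape(message, quote=True)
    )


# Constructed sample submission; 'echo' only prints a server variable.
SAMPLE = 'Nice site! <!--#echo var="DATE_LOCAL" -->'

if __name__ == "__main__":
    for label, page in (
        ("unsafe", render_entry_unsafe("guest", SAMPLE)),
        ("escaped", render_entry("guest", SAMPLE)),
    ):
        found = find_ssi_directives(page) or "no directive"
        print(label, "->", found, "|", page.strip())
```

The same detector can be run over stored pages or request logs to flag submissions that reached a server-parsed file unescaped.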
Example
The following SSI tag can allow an attacker to get the root directory
listing on a UNIX-based system.
Copyright 2004, Web Application Security Consortium. All rights reserved.



