Sciweavers

ACSAC
1998
IEEE

Protecting Web Servers from Security Holes in Server-Side Includes

14 years 4 months ago
Protecting Web Servers from Security Holes in Server-Side Includes
This paper first investigates and analyzes security holes concerning the use of Server-Side Includes (SSI) in some of the most used Web server software packages. We show that, by exploiting features of SSI, one could seriously compromise Web server security. For example, we demonstrate how users can gain access to information they are not supposed to see, and how attackers can crash a Web server computer by having an HTML file execute a simple program. Such attacks can be made with no trace left behind. We have successfully carried out all the attacks described in this paper on dummy servers we set up for this investigation. We then suggest several practical security measures to prevent a Web server from such attacks.
Jared Karro, Jie Wang
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1998
Where ACSAC
Authors Jared Karro, Jie Wang
Comments (0)