Certified Ethical Hacker (CEH v11) — Question 383
Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files.
What is the type of injection attack Calvin's web application is susceptible to?
Answer options
- A. CRLF injection
- B. Server-side template injection
- C. Server-side JS injection
- D. Server-side includes injection
Correct answer: D
Explanation
The correct answer is D, server-side includes injection: the feature accepts remote user input and uses it on a page that is integrated with SSI directives, so an attacker can pass SSI directives of their own as input values. CRLF injection, server-side template injection, and server-side JS injection are also injection attacks, but none of them relates to the exploitation of SSI directives described in the scenario.