tag:blogger.com,1999:blog-13756280.post115593528470465818..comments2024-02-08T03:44:23.780-08:00Comments on Jeremiah Grossman: SSI Injection instead of JavaScript MalwareJeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-13756280.post-1156168344127676512006-08-21T06:52:00.000-07:002006-08-21T06:52:00.000-07:00SSI injection via stored data is nothing new at al...SSI injection via stored data is nothing new at all. Here's a paper I wrote in January 2002 talking about this issue with web state software (and it was discussed MUCH earlier than this document). Of course 'insert software storing data here'.<BR/><BR/>http://www.cgisecurity.com/papers/header-based-exploitation.txt<BR/><BR/>- RobertAnonymousnoreply@blogger.com