U.S. Dept Of Defense: Server-side include injection vulnerability in a DoD website

2016-12-21T03:14:13
ID H1:192931
Type hackerone
Reporter jutsuce
Modified 2017-07-03T18:11:43

Description

A Department of Defense website was vulnerable to a Server-Side Include Injection attack which could have allowed an attacker to inject code into HTML pages or, under some circumstances, perform remote code execution. @jutsuce was as able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us!