Skip to content

Methodoloy

Try Identifying extension used

Extension Tests
jsf [[Web Applications testing/Attacks/Expression Language Injection]]
jsp [[Web Applications testing/Attacks/Expression Language Injection]]
shtml [[Web Applications testing/Attacks/Server Side Include]]
shtml [[Web Applications testing/Attacks/Server Side Include]]
stm [[Web Applications testing/Attacks/Server Side Include]]

Reflected Value?

Try [[Web Applications testing/Attacks/SSTI]] [[Web Applications testing/Attacks/XSLT Engines]] [[Web Applications testing/Attacks/Expression Language Injection]] [[Web Applications testing/Attacks/XSS]] [[Web Applications testing/Attacks/Server Side Include]] OS Command Injection