For instance, an attacker could try:
As modern frameworks abstract away raw server parsing, the .shtml file fades into obscurity. However, the lesson remains: inurl view index shtml 14
https://example.com/news/view.shtml?14 Or URL rewriting without question marks: For instance, an attacker could try: As modern
https://example.com/news/view/14/ If a server still runs mod_include with an old version of Apache (e.g., 1.3 or 2.2) and allows user-supplied input to be parsed by SSI, it may be vulnerable to Server Side Includes Injection (SSI Injection) . inurl view index shtml 14