The use of the .shtml extension is not mandatory, so not having found any .shtml files doesn't necessarily mean that the target is not vulnerable to SSI injection attacks. The next step is determining ...
This article describes how to test an application for OS command injection. The tester will try to inject an OS command through an HTTP request to the application. OS command injection is a ...