From 32c10f9418fe67be1c446e8bbbea714927710584 Mon Sep 17 00:00:00 2001 From: nihaohello <34113556+nihaohello@users.noreply.github.com> Date: Wed, 27 Mar 2019 16:21:50 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=BB=E4=BD=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/N-MiddlewareScan.iml | 8 + .../inspectionProfiles/profiles_settings.xml | 5 + .idea/misc.xml | 7 + .idea/modules.xml | 8 + .idea/workspace.xml | 11 + Github_README_deal.py | 34 +++ N-MiddlewareScan.py | 56 +++++ README.md | 5 + __pycache__/config.cpython-37.pyc | Bin 0 -> 180 bytes config.py | 1 + plugins/README.md | 16 ++ plugins/__pycache__/axis.cpython-37.pyc | Bin 0 -> 419 bytes plugins/__pycache__/plugins.cpython-37.pyc | Bin 0 -> 690 bytes plugins/__pycache__/user_agent.cpython-37.pyc | Bin 0 -> 24707 bytes plugins/axis.py | 50 ++++ plugins/deal.py | 8 + plugins/plugins.py | 12 + plugins/temp.txt | 59 +++++ plugins/user_agent.py | 237 ++++++++++++++++++ urls.txt | 2 + 20 files changed, 519 insertions(+) create mode 100644 .idea/N-MiddlewareScan.iml create mode 100644 .idea/inspectionProfiles/profiles_settings.xml create mode 100644 .idea/misc.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/workspace.xml create mode 100644 Github_README_deal.py create mode 100644 N-MiddlewareScan.py create mode 100644 README.md create mode 100644 __pycache__/config.cpython-37.pyc create mode 100644 config.py create mode 100644 plugins/README.md create mode 100644 plugins/__pycache__/axis.cpython-37.pyc create mode 100644 plugins/__pycache__/plugins.cpython-37.pyc create mode 100644 plugins/__pycache__/user_agent.cpython-37.pyc create mode 100644 plugins/axis.py create mode 100644 plugins/deal.py create mode 100644 plugins/plugins.py create mode 100644 plugins/temp.txt create mode 100644 plugins/user_agent.py create mode 100644 urls.txt 
diff --git a/.idea/N-MiddlewareScan.iml b/.idea/N-MiddlewareScan.iml
new file mode 100644
index 0000000..d0876a7
--- /dev/null
+++ b/.idea/N-MiddlewareScan.iml
@@ -0,0 +1,8 @@
+ + + + + + + + \ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..0eefe32
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,5 @@
+ + + + \ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..8656114
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,7 @@
+ + + + + + \ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..86a5602
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+ + + + + + + + \ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..b768272
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,11 @@
+ + + + + + + + + + + \ No newline at end of file
diff --git a/Github_README_deal.py b/Github_README_deal.py
new file mode 100644
index 0000000..543908b
--- /dev/null
+++ b/Github_README_deal.py
@@ -0,0 +1,34 @@
+# coding=utf-8
+import os
+
+def re_README(file):
+ f = open(file, encoding="utf-8")
+ urls = []
+ for i in f.readlines():
+ i = i.strip("\n").strip(" ")
+ i = i + " " + "\n"
+ urls.append(i)
+ f.close()
+
+ with open(file, "w+", encoding="utf-8") as f:
+ for i in urls:
+ f.write(i)
+ f.close()
+def list_file(dir_name):
+ files=os.listdir(dir_name)
+ new_file=os.path.abspath(dir_name)
+ for file in files:
+ file=new_file+"\\"+file
+ if os.path.isdir(file):
+ list_file(file)
+ #print(file)
+ elif "README.md" in file:
+ print(file)
+ re_README(file)
+
+dir_name=os.path.dirname(__file__)
+print(dir_name)
+list_file(dir_name)
+
+
+
diff --git a/N-MiddlewareScan.py b/N-MiddlewareScan.py
new file mode 100644
index 0000000..611fbf7
--- /dev/null
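Review bot: In `list_file` of Github_README_deal.py, `file=new_file+"\\"+file` hard-codes the Windows separator and `elif "README.md" in file:` is a substring test on the whole path, so on other platforms the walk builds wrong paths and on Windows any file whose path merely contains `README.md` is rewritten in place. `file=os.path.join(new_file,file)` and `elif os.path.basename(file)=="README.md":` would limit the rewrite to the intended files. The three statements at the end of the hunk run at import time and recurse from the script's own directory (which would include `.git` and any linked directories), so they belong under `if __name__ == "__main__":`. `re_README` truncates each file before writing it back and has no docstring; a one-line docstring saying it normalises line endings in place would make that destructive behaviour explicit.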
+++ b/N-MiddlewareScan.py
@@ -0,0 +1,56 @@
+#coding=utf-8
+#Author is Naivete
+#github:https://www.github.com/nihaohello
+#blog:http://www.youknowi.xin
+import sys
+import os
+import argparse
+import traceback
+import config
+from concurrent.futures import ThreadPoolExecutor
+from plugins import plugins
+#80,4848,7001,7002,8000,8001,8080,8081,8888,9999,9043,9080
+class MiddlewareScan(object):
+ def __init__(self,url,options):
+ self.url=url
+ self.options=options
+ def run(self):
+ P = plugins.plugins(self.url,self.options)
+ P.run()
+def main():
+ arg = argparse.ArgumentParser(description='MiddlewareScan By Naivete')
+ arg.add_argument('-u', '--url', help='url site', dest='url')
+ arg.add_argument('-i', '--file', help='file name', dest='file')
+ arg.add_argument('-p', '--options', help='options', dest='options')
+ arg.add_argument('-t', '--thread', help='thread num', dest='thread')
+ arg = arg.parse_args()
+ if arg.thread:
+ config.ThreadNum=arg.thread
+ if not arg.options:
+ arg.options="all"
+ if arg.url:
+ try:
+ S=MiddlewareScan(arg.url,arg.options)
+ S.run()
+ except Exception:
+ print(traceback.print_exc())
+ if arg.file:
+ try:
+ with open(arg.file,encoding="utf-8") as f:
+ with ThreadPoolExecutor(config.ThreadNum) as excetor:
+ for url in f.readlines():
+ try:
+ url=url.rstrip("\n")
+ S=MiddlewareScan(url,arg.options)
+ excetor.submit(S.run())
+ except Exception:
+ pass
+ f.close()
+ except Exception:
+ print(traceback.print_exc())
+ print("相关漏洞检测完成。")
+if __name__ == '__main__':
+ print("开始检测中间件相关漏洞:")
+ main()
+
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..16b0be4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+最近在看web中间件的漏洞
+看到一个三年前的脚本:https://github.com/ywolf/F-MiddlewareScan
+想着自己写一个中间件相关的,正是脚本好写,poc和exp难
+github链接:
+
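Review bot: In `main` of N-MiddlewareScan.py, `excetor.submit(S.run())` calls `S.run()` on the main thread and submits its return value, so the URL list is scanned serially and each worker then fails trying to call that value, with the error left in a future nobody reads; it should be `excetor.submit(S.run)`. `-t` is declared without `type=int`, so `config.ThreadNum` becomes a string and `ThreadPoolExecutor(config.ThreadNum)` should raise before any URL from the file is scanned; adding `type=int` to that `add_argument` call fixes it. Because the inner `except Exception: pass` drops per-URL errors and the final message is printed regardless, a target that failed to scan is indistinguishable from one that was checked, so the handler should at least record the URL and the exception. `print(traceback.print_exc())` prints a stray `None`; `traceback.print_exc()` alone is enough.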
diff --git a/__pycache__/config.cpython-37.pyc b/__pycache__/config.cpython-37.pyc new file mode 100644 index 0000000000000000000000000000000000000000..8f9631c53a9760e6c3e5f3eef66bf04073a3f9ac GIT binary patch literal 180 zcmZ?b<>g`k0=KAHF+4!}F^B^Lj6jA15EpX*i4=w?h7`tN22G}yMnJBgCgUy6kc^_# z#1y~M+?5PP%s@df@zoQ^a<+;IElw>ej;YKqRY=TBQOHe=aY-%CF3B&5DX1*T$j^JW zwfn{Tsn1t*Ki$z1rt%g%0nfvh zm5Eni!oG@tCEMrt{Q19JP9`ysdGc-XLHU!5UlVjVC%1bP6ez4=i5Vg&p}befgz{BD z*;Auykl`2I0*U>!)NS5bZStbjtM(50I~n8H=j3*mg2EOyP~i)k|(p{ zL9AZ$!U3u_qUU@EuwDf!fN3%7xRz0WI|XSoYZk0__o&*Hzo d;2z=Dy6!&+>o<-Roh~0#SL-tt<7i`y{2%reN<9Do literal 0 HcmV?d00001 diff --git a/plugins/__pycache__/plugins.cpython-37.pyc b/plugins/__pycache__/plugins.cpython-37.pyc new file mode 100644 index 0000000000000000000000000000000000000000..46bd2d484510883b6432d1b609393e5a4e112377 GIT binary patch literal 690 zcmY*Wzi-tr5I)CAUU+S#jtm_-l7UW42%(B1G4Tc}mMD@HVnb8%9Ai6zSG}!l9hjK9 zzy=c&3xA4N#IGH8?vj@ZF7kKhvwin{mwP)qb3prjcz*pK#7GrRT%iThdAXy6q zC^%*BA{o7BjB>o?OI~mW4?xB;dJQsC@i{LN$&MjUe&I`4gqdmkXN`6_3vus`9>a&wXb~v+^gM z{{H#m=cl(nK3shJ@}^weeAr0Ys+W~j$91L4jm*g(m{rJxXmsO+NU^@7uE0`uw!67{ zFdf%8{lUmzsk)9E4{MzHInLXovN4*}@sJqXXg|uKf#l3mr$N&Q8Eyl&y}pLQhQXYj zZA}dDWRWLCR98zSM3@V)>}20kye-6wzG}x4OBL+a|K(|TmU;|7hbB7o$XLenG;p_a qAvTpi329}F($W&kkakZ_Rqcm2|8Tu37P31dhr2WjN0KtOjo)7i$e6GI literal 0 HcmV?d00001 
diff --git a/plugins/__pycache__/user_agent.cpython-37.pyc b/plugins/__pycache__/user_agent.cpython-37.pyc new file mode 100644 index 0000000000000000000000000000000000000000..72c6ef54a99da72b75ff219ac1edcfa747fb2fbf GIT binary patch literal 24707 zcmeHQXLKCbbp|P!QS8WRc6yn_Nvw^9!L*&-(JB%N5F{Z25X}WdnNb2Sa2Mo?zyjU{ zSjKjmB`3Dy#9eNQ?Nr<8&1p{WPH~zYhjFTvANikO`IYazo$|`;o82LqoSYNt0EYy2 z=Dl~{z2E(Ac~A5A-uv7c{Q1<2-}A(4wr6HO!~T)}If}m=$Jg)$_(n5yWM}5$3>~Gr zo|?IMgpRalYIpw!elxSW#lEvYNAUG5z83H`{3QNGN7(1-Zh8(KqtBvy=(Fj$^gQ|; zx|g0$pG%)dpHE*vUq~;Y7t$Be7t@!}m(rKfm(y3!SJGF}SCd6wLtjfTqOYT`r*EJa z(|uH#%q(wSKr|AqW z(Ia%0mT84n=}|gIFQxO;rZrlp$LIn*PA{X2^v(1HeG7dnZP3f9Lz}ckL|xjZOLUof z^dw!O9onTn?a@BHf(A6C13ILubd9dl4T|ZN^eTEaeH(o{eFuFfeHXoko}#Dewe;Qe zJ@h(yJ-vaxm)=O`Y8Pd z{U-eu{Wkp${Vx3;{XYEx{UQAk{W1LseT@E;{*3;d{(?SEe@TBue@%Zwe@maBPtxDf zr|9qLCjA3_n*NdgiT;`Xh5nWPjXp!qUV8S`GY2#8Kk}-X53qgz_tltI_Tt{oPG_!e zJJx*{dJxC8p|!eZg|=6-PVDdRbT4!_&-M=H>VCuaL+ie?XVzAh@3(e(SGv~e?$(vP znze9wu(#Wt^P09}yFnP>Rqf7pXV6O?iXWFo+1lIP?;P|tce*WWrMCG#htzQ3NZ+N+7E%gt&I~IOmJ=(S& zw_Il<+`x;}6$Qoxd2B(R7uk(STu~5ToqX76V`@SAAsaUebV0sR8aEMH%UajP*X_@) zw_DcW>I1GF*`DqCwb6FXd5-J2p6gqW?so^BxyWv+I}hpOjq&B#gKIVG+@L!=*qih0 zh8=p=W8J~9x7VL@UE6Wv&7$dyw8zzD?M)zS7fTmK?U^)G+t0e~x~4(g1_T?0z8!}7 zAnc)dH(d#n`F)y(LbG)dUwHIF803nICtFr~d11k8S@!DUnzgWe-eMY5cN$)UY2^0a zxz5357*>2G9j?IaFc5pOD!=M$dxbRE<1V&$VF0V>h0W0NBNxiyU^~?TOU<1L(+%oA z{>y29cge0=%UjOhqw}}&d8tnB5+v>M0 znAqV^mRb}=FDX>O1P}3hJDLtXrrsByqgDtQ_H!lYyYjGT@mvr1%D5u%bk1{F_W1G#EuK!TrTK;lD8LEV8{cIzU*_;%g)0Wgv9S=V;$!1sVN^XW7ug*B{; zDFIg$i-Eiozc+mc$0|)2h0YtEi9zFa5g+lmFvp^Kvo)$~5dd_hOTCV@08-E$Smzc% zQ6T6`((DAKzTONsicl1rZQw92mIFAfV?%PCsM}r;KO`EDKvwwH!Ch_v3QWE-k|rv; z?v)}A#Kp>;crD&8dX%|Yrid~Cm9w;f(I?My13Oaj;qtg~pmk%sQUh`_i?aa)2<&<; zO*~@qe*o4>KoT(g_B>A^5O792m6l~(m&a7q^%}6WhO{y_9!R5U=Av3YrmI+f#uH%v z?Z;#cXu`RAF33c}JrV`ECXH!?%4h>bP-Vd-ND0dY9R)QDq{TwCThhRSRWRFBhJj}- zQ59x+O}H(AP2eF#{ke&s8g#q!?UPn#mvkG?2P%qE5(~#T^=uq>@kAKKz442|E)*(d zXqzJtDX 
zxXs>9cdjw-`@v?ef5{8tw@cG0Wbk&K2f17QmUU)rVPmPkH2}jvTB5ztZn#d@nm_FA z(A??sk3<@nA?PWaV=}{hYIr98xHK(ogA2)2x|^Ip83Ig!E9#t3;8q1ZN{mhgl9m$5 z(T^ba1?W}>5;|b~3zk_MZ-uvzK+*waPZFCF!n$FIAR7;Sg|T8gFt zF!7Lsa-N98fRYMi1Oe#H)B(R2wtn(3fgvl;P1G#^(*FMJrOl4DzPfgPy}h=0at?H= zEQ%@A)`XczGftG&ta!k!mG-3TKGIpER*k^X-+j z3-f~VGllkpW~ds3-v}TI&&B4-Q}#m^OYaW*u+W3vZZGcA(qgl!={)Wt-J9FQFVkDq!2Pef^~h&E7CcvoIhdJ8L!@CuF7(}X5c~b28Y7b zw7jhozd@3Hv2%op@ClBb@Xim5EH?n;Z1<*a&yGD>Tp zX7gjVBAsS;IJ?*u#14&Uy17O`H=WWPg0gRZlt0f?F&{~nI;k;3Qx!Zev+2yaVE>u1 z;PY_$$=?=L15y%CBFV_1yk=N8%n!~~S+`bakQ2S~7V{VMcPe`0)2T#@QD{WC)d3Ze z@;sCrWGM^|u@=u?*y9@+ui7On>Evta)nMPIiX~1vB3C2&ytlUbHH2T9D=< z_$X{t9*?>XEB9ydDAN8;Qus&R*NGpNUZUBH3Q|xI38X5*6R^?{%Xl2XeatVE5{qu5 zT8g$>;3Uz1A@E~Wa}Ipl0|EFnlI`aB&qO|^r9gP^s9rS+8aW6j<+tM^A`73-=5bjh z`#JzSvOx=PNJj*SZ(b7CQe@DEKB3CVR+zAY-eU`0T%{{iEj-_eY`>v;i7DE5nnmq9 zXr3w6UoV1-64&SY(-$kvAU?jGB@&fJfCgTc$*PpFFuy58ttf>Da@Z?qOQvr3Wr zjy9HIx7e+R-?i3T$VjAn>!ImO%1Gb=XMD1@z`pP!-nwaOLaba4VL4Y+}>Q}?LxsWEdAk^T|M(o4gb5z=Rk4^l`oO?PHP zCx>@LqYbGrV^7T}lJX+v|1ur{7FCbO<`N)Ym9CW8jUk;R52J7absP*`(PXBeW6kON zpA73OsZ6R#3O(DTxneEr$9*^)6>&zn2y{2p#qNe%@^VUZ zmcYm=C=yEVDB$^kE7ws&HYp4ihT;8lssk-dbAMElmxdAgUIE%upyISip@#ftw}BdF zB}vx6=r^3YP-ICPFlzCerP=>4?RE|#te54y$n&Kwfd?L;^Qc*5&aJy4mW6GS913`U zAovq3R?bxj@8qbD=aGCIin$7?idJPStGmJ?PS2aE%oKo9rT08%8bW->^Ve0v9_otD z(0D4RDp%Cn3Z|YXjEU{N=(O9CO6LZ7|L9bh>)tOP3IhVB_Q<;fc>fKrspW^!Oh=Nc zFJADTlMrQgCN2%c^adB1HKEkZQE3V|ETqJfrn>^Q>DzaBs8S2j+utmlTqg8$xfx#6Gv$=)izDv zbg-%vPdE%qhoTvIOiwQ!=em)c>=iIEOW{lXHbvRjmrbjX#^V80% zAiOSa4o_QpM+qZfnSf#Jp<5r%0qf(UOK1Gg0MM`Pv5>GRdJP? 
ziHjWgGX6+u8Wfxyr&+JlrumyHG57o>tJA$&!PyltH@IqT9!_%oRsc=D5&Hz z12v|fo2<>L;VCsuE+5RH&yJw={3hD}r>srG%2CY&)p9+7^6;(55~^&WdfUJR3Dq}A za@JD?Koxd;ow~DIxF`chU#xbwKg5k3d;O&Jv9z+>2+pdjf{qqruW&F&JM_XHisj}= zVduf4kgU%VvFeCr3O)Yt_<FAsSDXl%qc3ZAP=t!I8-19xqDYY!@M{tK{OMG!i@^lS!YP+@z7)Dqa$if91!q#m`Wa` zVhAxv9eFe;fpGq)7Qej8>g0>MAQ$E8C$_jofP}J(J9Dy@XbuYt>Sc8*EPzPlcmSKP zjqlO(Ch5^L#C-_qZ>h0`DTEAxQr@#z-^`s!hMvMg%Qr{E=?#LAu`I=S&x1io&m+70w4`==OodKb7RtcaA6&b0CnlAgp@8T~xPU&girL6B(gKAy z7r8yoJx{bpL#Y)wIrK8pkAj5BgbqkzeA7B02+JHWV132c1j_v^vXpc;SEB4}6n=kR zq-y&I)6L)zq{RX%1Ql%&p45?A0P(`&-K3DtKF5IBa5Yr{jVX=h@k)^F5Ur#+$sS#3 zmA3;=;nbwMIL>2_Ef^He)vO|UCO|ztb<1Z9jH)?)-0=vB=n4o|hU4-T8>KoYxjn9I zszzlRi17u*V#ld`4{mabqT(%)IjyKDuatYe{65TpwI4Mw_o>Y}3pBLq;%ifL=E`eE z4an8V^^=UG=pfl6(!CwyuJd?CnuoT<#mumPI|;jKWPaJ_%(zoi*tH;_Ld!J6YLXK` z317XTNM_f!NI@w+4$783#Rv?OJ;Haohe$lATJws*L7+44_Y?Hycf zd?zwUvU3vH9IN}O>I|hZ0!^AUgLluV7<arN?Ck-C%p&;sTgN;DR%F0cTPCX6L{%e+42uFQqEpoPVy?= zJ>=Am-aIzwpao&~=CQ5Id%dl0?a0OF9S*yLjm{-pt2zA8%;0X^`Tk!o+}}C8)awtQ z$bV<=-?;hwOWlKw{6}}O>)}7fE{nhG=#l^b@Bh98jvXBw!*14&4%q)Qfd8HAgYfM+ Y_{Gh89^Bod!=3I!>|;ar?Vcn54c&EtcmMzZ literal 0 HcmV?d00001 diff --git a/plugins/axis.py b/plugins/axis.py new file mode 100644 index 0000000..b80287d --- /dev/null +++ b/plugins/axis.py 
@@ -0,0 +1,50 @@
+#coding=utf-8
+from user_agent import get_user_agent
+def CVE_2018_9158(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_9157(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_9156(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_8032(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_19334(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10664(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10663(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10662(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10661(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10660(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10659(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2018_10658(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2017_9765(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2017_15885(url):
+ headers = {'User-Agent': get_user_agent()}
+def CVE_2017_12413(url):
+ headers = {'User-Agent': get_user_agent()}
+def axis(url):
+ CVE_2018_9158(url)
+ CVE_2018_9157(url)
+ CVE_2018_9156(url)
+ CVE_2018_8032(url)
+ CVE_2018_19334(url)
+ CVE_2018_10664(url)
+ CVE_2018_10663(url)
+ CVE_2018_10662(url)
+ CVE_2018_10661(url)
+ CVE_2018_10660(url)
+ CVE_2018_10659(url)
+ CVE_2018_10658(url)
+ CVE_2017_9765(url)
+ CVE_2017_15885(url)
+ CVE_2017_12413(url)
+ pass
+
diff --git a/plugins/deal.py b/plugins/deal.py
new file mode 100644
index 0000000..da11eca
--- /dev/null
+++ b/plugins/deal.py
@@ -0,0 +1,8 @@
+#coding=utf-8
+with open("temp.txt",encoding="utf-8") as f:
+ for i in f.readlines():
+ i=i.rstrip("\n").split(" ")[0]
+ i=i.replace("-","_")
+ #i="def "+i+"(url):\n"+" "+"headers = {'User-Agent': get_user_agent()}"
+ print(i+"(url)")
+f.close()
diff --git a/plugins/plugins.py b/plugins/plugins.py
new file mode 100644
index 0000000..e1d17a4
--- /dev/null
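Review bot: Every `CVE_*` function in the plugins/axis.py hunk only builds a `headers` dict and returns `None`, and `axis(url)` discards the results, so a scan finishes without testing anything and the caller cannot tell "not vulnerable" from "not implemented". Until the checks exist, each stub should fail loudly, e.g. `raise NotImplementedError("CVE_2018_9158 check not implemented")`, or return an explicit status that `axis` collects and returns. A docstring on `axis` stating what it returns per check would fix the contract before the individual checks are filled in, and the trailing `pass` can go. `from user_agent import get_user_agent` appears to resolve only through the `sys.path` entry added in plugins/plugins.py, so importing this module on its own is likely to fail or pick up a different `user_agent` module.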
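Review bot: In plugins/deal.py, `open("temp.txt",encoding="utf-8")` is resolved against the current working directory and the whole body runs at module level, so the script only works when started from inside `plugins/` and would also execute if the module were ever imported. Resolving the path from the script location, `os.path.join(os.path.dirname(os.path.abspath(__file__)), "temp.txt")`, under an `if __name__ == '__main__':` guard would avoid both, and the trailing `f.close()` is redundant after the `with` block. The script appears to generate the `CVE_xxx(url)` call list used in axis.py; a header comment saying so would explain why it is in the repository.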
+++ b/plugins/plugins.py
@@ -0,0 +1,12 @@
+#coding=utf-8
+import sys
+sys.path.append("plugins")
+from axis import axis
+class plugins(object):
+ def __init__(self,url,options):
+ self.url=url
+ self.options=options
+ def run(self):
+ axis(self.url)
+
+
diff --git a/plugins/temp.txt b/plugins/temp.txt
new file mode 100644
index 0000000..fa5a12d
--- /dev/null
+++ b/plugins/temp.txt
@@ -0,0 +1,59 @@
+CVE-2018-9158 An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.
+CVE-2018-9157 ** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "
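Review bot: In plugins/plugins.py, `sys.path.append("plugins")` adds a path relative to the current working directory, so `from axis import axis` resolves correctly only when the tool is launched from the repository root and otherwise loads whatever `plugins/axis.py` exists under the directory it is started from, or a same-named module found earlier on `sys.path`. Since N-MiddlewareScan.py already imports this file as `from plugins import plugins`, a package-relative `from .axis import axis` with the `sys.path` line removed pins the import to the shipped module; axis.py would need the matching `from .user_agent import get_user_agent`. `run` ignores `self.options`, so the `-p` argument currently has no effect; either use it to select checks or say in a docstring that it is reserved.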