Comments (2)
Same problem in XVWA app when testing SSTI.
I tested tplmap with the Lab: Basic server-side template injection: https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-basic
python tplmap.py -u 'https://your-lab-id.web-security-academy.net/?message=Unfortunately%20this%20product%20is%20out%20of%20stock'
The script crashed at Twig plugin blind injection.
[+] Tplmap 0.5
    Automatic Server-Side Template Injection Detection and Exploitation Tool
[+] Testing if GET parameter 'message' is injectable
[+] Smarty plugin is testing rendering with tag '*'
[+] Smarty plugin is testing blind injection
[+] Mako plugin is testing rendering with tag '${*}'
[+] Mako plugin is testing blind injection
[+] Python plugin is testing rendering with tag 'str(*)'
[+] Python plugin is testing blind injection
[+] Tornado plugin is testing rendering with tag '{{*}}'
[+] Tornado plugin is testing blind injection
[+] Jinja2 plugin is testing rendering with tag '{{*}}'
[+] Jinja2 plugin is testing blind injection
[+] Twig plugin is testing rendering with tag '{{*}}'
[+] Twig plugin is testing blind injection
[!][tplmap] Exiting: 'bool' object has no attribute 'replace'
If the Twig blind template is excluded the injection works.
[+] Testing if GET parameter 'message' is injectable
[+] Smarty plugin is testing rendering with tag '*'
[+] Smarty plugin is testing blind injection
[+] Mako plugin is testing rendering with tag '${*}'
[+] Mako plugin is testing blind injection
[+] Python plugin is testing rendering with tag 'str(*)'
[+] Python plugin is testing blind injection
[+] Tornado plugin is testing rendering with tag '{{*}}'
[+] Tornado plugin is testing blind injection
[+] Jinja2 plugin is testing rendering with tag '{{*}}'
[+] Jinja2 plugin is testing blind injection
[+] Freemarker plugin is testing rendering with tag '*'
[+] Freemarker plugin is testing blind injection
[+] Velocity plugin is testing rendering with tag '*'
[+] Velocity plugin is testing blind injection
[+] Slim plugin is testing rendering with tag '"#{*}"'
[+] Slim plugin is testing blind injection
[+] Erb plugin is testing rendering with tag '"#{*}"'
[+] Erb plugin has confirmed injection with tag '"#{*}"'
[+] Tplmap identified the following injection point:
  GET parameter: message
  Engine: Erb
  Injection: "#{*}"
  Context: text
  OS: x86_64-linux-gnu
  Technique: render
  Capabilities:
   Shell command execution: ok
   Bind and reverse shell: ok
   File write: ok
   File read: ok
   Code evaluation: ok, ruby code
How do you exclude an engine? I could only find -e to include engines.
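The run above shows what an automated SSTI scan looks like from the server side: the same parameter is hit with one template syntax after another ('{{*}}', '${*}', '"#{*}"', 'str(*)'). The following is an added example, not part of this thread or of tplmap, that flags that footprint in web access logs: it parses Common Log Format lines, looks for template-expression markers in query parameters, and reports clients that sent several different engine syntaxes to one parameter within a short window. The log format, the sample lines and the marker regexes are constructed for the example.

```python
"""
Flag SSTI probe traffic in web access logs (added example, not tplmap code).
Sample log lines below are constructed; the IPs are documentation addresses.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Engine families and the expression syntax a probe for them contains.
# Smarty/Freemarker/Velocity probe with a bare expression ('*'), which is
# indistinguishable from ordinary text, so they are deliberately not matched.
SSTI_MARKERS = [
    ("jinja2/twig/tornado", re.compile(r"\{\{.+?\}\}", re.S)),
    ("mako", re.compile(r"\$\{.+?\}", re.S)),
    ("erb/slim", re.compile(r"#\{.+?\}", re.S)),
    ("python-eval", re.compile(r"\bstr\s*\(.+?\)", re.S)),
]

# Common Log Format: ip - - [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_ssti_probes(log_lines):
    """Return one hit per (request, parameter) whose value carries a template marker."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip rather than crash
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = unquote_plus(value)  # strip a second layer of URL encoding, if any
            for engine, rx in SSTI_MARKERS:
                if rx.search(decoded):
                    hits.append({"ip": m.group("ip"), "ts": ts, "param": name,
                                 "engine": engine, "value": decoded,
                                 "status": int(m.group("status"))})
                    break  # one hit per parameter is enough
    return hits


def scanner_candidates(hits, window=timedelta(minutes=5), min_engines=2):
    """Clients that sent at least `min_engines` different template syntaxes to
    the same parameter within `window`: the footprint of an automated SSTI scan
    rather than a single stray curly brace in ordinary input."""
    by_target = defaultdict(list)
    for h in hits:
        by_target[(h["ip"], h["param"])].append(h)
    out = []
    for (ip, param), hs in by_target.items():
        hs.sort(key=lambda h: h["ts"])
        for i, first in enumerate(hs):
            engines = {h["engine"] for h in hs[i:] if h["ts"] - first["ts"] <= window}
            if len(engines) >= min_engines:
                out.append({"ip": ip, "param": param, "engines": sorted(engines)})
                break
    return out


# Constructed sample: one client walks through several engine syntaxes on the
# 'message' parameter; another sends a single value that merely resembles a probe.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?message=Unfortunately%20this%20product%20is%20out%20of%20stock HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /?message=%7B%7B7*7%7D%7D HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /?message=%24%7B7*7%7D HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /?message=%22%23%7B7*7%7D%22 HTTP/1.1" 500 0',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=call%20str%28x%29%20first HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    probes = find_ssti_probes(SAMPLE_LOG)
    for h in probes:
        print(f'{h["ts"]:%H:%M:%S} {h["ip"]} {h["param"]}={h["value"]!r} -> {h["engine"]} (HTTP {h["status"]})')
    for c in scanner_candidates(probes):
        print(f'scanner-like: {c["ip"]} on parameter {c["param"]}: {", ".join(c["engines"])}')
```

The per-request hits are noisy on their own (the second client's `str(x)` is ordinary text), which is why the report is built from the burst heuristic: several distinct engine syntaxes against one parameter from one client, which is exactly the sequence tplmap's plugin loop produces.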