User Controls

TPLmap

  1. #1
    Sophie Pedophile Tech Support
    Or Template Mapper, is a tool i found while browsing github. It's pretty neat and seeks to automate exploitation of Server Side Template Injection vulnerabilities. Which is a vector for remote code execution or even complete server takeover if leveraged by a capable attacker. TPLmap automates the fuzzing and exploitation of a website in this manner.

    https://github.com/epinna/tplmap

    Check it out it's pretty neat, once a vulnerability has been found the program allows you to spawn an interactive OS shell simply by running it with the --os-shell argument liek so:


    ./tplmap.py -u 'http://www.target.com/app?id=*' --os-shell


    If anyone has any experience with finding and exploiting this type of vulnerability i'd love to hear about it.

Jump to Top