Or Template Mapper, is a tool i found while browsing github. It's pretty neat and seeks to automate exploitation of
Server Side Template Injection vulnerabilities. Which is a vector for remote code execution or even complete server takeover if leveraged by a capable attacker. TPLmap automates the fuzzing and exploitation of a website in this manner.
https://github.com/epinna/tplmapCheck it out it's pretty neat, once a vulnerability has been found the program allows you to spawn an interactive OS shell simply by running it with the --os-shell argument liek so:
./tplmap.py -u 'http://www.target.com/app?id=*' --os-shell
If anyone has any experience with finding and exploiting this type of vulnerability i'd love to hear about it.
