tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Details
Category: Vulnerabilities
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/tplmap:6f21501
Source URL: https://github.com/epinna/tplmap
Parameters
url
string
required
Command:
--url
- Target URL.

proxy
string
Command:
--proxy
- Use a proxy to connect to the target URL.

cookie
string
Command:
-c
- Cookies (e.g. 'Field1=Value1').

header
string
Command:
-H
- Extra headers (e.g. 'Header1: Value1').

tpl-code
string
Command:
--tpl-code
- Inject code in the template engine.

post-data
string
Command:
--data
- Data string to be sent through POST. It must be formatted as a query string: param1=value1&param2=value2.

technique
string
Command:
-t
- Techniques R(endered) T(ime-based blind). Default: RT.

user-agent
string
Command:
-A
- HTTP User-Agent header value.

force-level
boolean
Command:
--force-level
- Force a LEVEL and CLEVEL to test.

http-method
string
Command:
-X
- Force usage of given HTTP method (e.g. PUT).

upload-file
file
Command:
--upload
- Upload file to target.

injection-tag
string
Command:
--injection-tag
- Use string as injection tag (default '*').

backend-engine
string
Command:
-e
- Force back-end template engine to this value.

os-cmd-to-execte
string
Command:
--os-cmd
- Execute an operating system command.

level-code-context
string
Command:
--level
- Level of code context escape to perform (1-5, default: 1).

force-overwrite-uploaded-files
boolean
Command:
--force-overwrite
- Force file overwrite when uploading.