tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Details
Category: Vulnerabilities
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/tplmap:6f21501
Source URL: https://github.com/epinna/tplmap
Parameters
url
string
requiredCommand:
--url - Target URL.proxy
string
Command:
--proxy - Use a proxy to connect to the target URLcookie
string
Command:
-c - Cookies (e.g. 'Field1=Value1').header
string
Command:
-H - Extra headers (e.g. 'Header1: Value1').tpl-code
string
Command:
--tpl-code - Inject code in the template engine.post-data
string
Command:
--data - Data string to be sent through POST. It must be as query string: param1=value1¶m2=value2.technique
string
Command:
-t - Techniques R(endered) T(ime-based blind). Default: RT.user-agent
string
Command:
-A - HTTP User-Agent header value.force-level
boolean
Command:
--force-level - Force a LEVEL and CLEVEL to test.http-method
string
Command:
-X - Force usage of given HTTP method (e.g. PUT).upload-file
file
Command:
--upload - Upload file to target.injection-tag
string
Command:
--injection-tag - Use string as injection tag (default '*').backend-engine
string
Command:
-e - Force back-end template engine to this value.os-cmd-to-execte
string
Command:
--os-cmd - Execute an operating system command.level-code-context
string
Command:
--level - Level of code context escape to perform (1-5, Default:1).force-overwrite-uploaded-files
boolean
Command:
--force-overwrite - Force file overwrite when uploading.