mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
commit
e11a37e6a2
@ -76,7 +76,10 @@
|
||||
|
||||
## Tools
|
||||
|
||||
Recommended tool: [Tplmap](https://github.com/epinna/tplmap)
|
||||
Recommended tools:
|
||||
|
||||
[Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
|
||||
|
||||
e.g:
|
||||
|
||||
```powershell
|
||||
@ -85,6 +88,16 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomm
|
||||
python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade
|
||||
```
|
||||
|
||||
[SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap)
|
||||
|
||||
e.g:
|
||||
|
||||
```powershell
|
||||
python3 ./sstimap.py -u 'https://example.com/page?name=John' -s
|
||||
python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade
|
||||
python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk'
|
||||
```
|
||||
|
||||
## Methodology
|
||||
|
||||
![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Images/serverside.png?raw=true)
|
||||
|
Loading…
Reference in New Issue
Block a user