Nytro Posted August 7, 2016 Report Share Posted August 7, 2016 Tplmap Tplmap (short for Template Mapper) is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities (SSTI). This assists SSTI exploitation to compromise the application and achieve remote command execution on the operating system. The tool can be used by security researches and penetration testers, to detect and exploit vulnerabilities and study the template injection flaws. Tplmap template capabilities can be extended via plugins. Several sandbox break-out methodologies came from James Kett's research Server-Side Template Injection: RCE For The Modern Web App and other original researches. As advanced features Tplmap detects and achieves command execution in case of blind injections and is able to inject in code context. Link: https://github.com/epinna/tplmap 2 Quote Link to comment Share on other sites More sharing options...
