epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0

[Queries] Related to headers #52

Closed arbazkiraak closed 5 years ago

arbazkiraak commented 5 years ago

Hello,

Thanks for the awesome project.

Just want to confirm that the following output is a valid way to include headers?

tplmap.py -u 'http://test.com/vulnerabilities/xss_r/?name=1' -c 'PHPSESSID=khts0212754guo737cii4p9i40; security=low' -H 'Accept-Language:en-US,en;q=0.9' -H 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36' --level=5

Thanks ~

arbazkiraak commented 5 years ago

Tested. It adds the headers to the request and also performs SSTI over the headers. Great!