Open wdahlenburg opened 3 years ago
Hey @wdahlenburg, I have already done this in my PR: #79. Just the fact that @epinna didn't merge it
Dang this could have saved me some time yesterday. It looks like we both chose different places in the code to filter for specific parameters.
I'll leave preference up to @epinna
🙄
Added the -p or --parameter option as a way to specify which parameter to attempt template injections on. By default all parameters are still tried.
For the example in the Readme:
python ./tplmap.py -u "http://127.0.0.1:8000/page?name=John&foobar=test" -p name
Only the name parameter will be tested.
This can be useful for reducing the number of attempts required to exploit and provides an alternate syntax to injecting the '*' character.