epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0
3.75k stars 670 forks

Add parameter command line option #85

Open wdahlenburg opened 3 years ago

wdahlenburg commented 3 years ago

Added the -p or --parameter option as a way to specify which parameter to attempt template injections on. By default all parameters are still tried.

For the example in the Readme:

python ./tplmap.py -u "http://127.0.0.1:8000/page?name=John&foobar=test" -p name

Only the name parameter will be tested.

This can be useful for reducing the number of attempts required to exploit and provides an alternate syntax to injecting the '*' character.

shelld3v commented 3 years ago

Hey @wdahlenburg, I have already done this in my PR: #79. It's just that @epinna didn't merge it.

wdahlenburg commented 3 years ago

Dang, this could have saved me some time yesterday. It looks like we both chose different places in the code to filter for specific parameters.

I'll leave the preference up to @epinna.

shelld3v commented 3 years ago

🙄