Open fuckwbored opened 3 years ago
same issue
first i create python2 virtualenv cause i think this projects is not mantained anymore there must be broken dependencies etc... after that i run pip install PyYaml
(note pip in python 2 is already installed if you are using Python 2 >=2.7.9)
I try implementing Template Injection Workshop by Go Secure (https://www.youtube.com/watch?v=I7xQZOvZzIw&t=2s) and success :)
this is my result running the script :
` ./tplmap.py -X POST -u 'http://172.18.0.2/' -d 'email=john' [+] Tplmap 0.5 Automatic Server-Side Template Injection Detection and Exploitation Tool
[+] Testing if POST parameter 'email' is injectable [+] Smarty plugin is testing rendering with tag '' [+] Smarty plugin is testing blind injection [+] Mako plugin is testing rendering with tag '${}' [+] Mako plugin is testing blind injection [+] Python plugin is testing rendering with tag 'str()' [+] Python plugin is testing blind injection [+] Tornado plugin is testing rendering with tag '{{}}' [+] Tornado plugin is testing blind injection [+] Jinja2 plugin is testing rendering with tag '{{}}' [+] Jinja2 plugin is testing blind injection [+] Twig plugin is testing rendering with tag '{{}}' [+] Twig plugin has confirmed injection with tag '{{*}}' [+] Tplmap identified the following injection point:
POST parameter: email Engine: Twig Injection: {{*}} Context: text OS: Linux Technique: render Capabilities:
Shell command execution: ok Bind and reverse shell: ok File write: ok File read: ok Code evaluation: ok, php code `
I too face the same issue. :(
Traceback (most recent call last):
File "./tplmap.py", line 3, in <module>
from core import checks
File "/home/littleboy_pugazh/tplmap/core/checks.py", line 1, in <module>
from plugins.engines.mako import Mako
File "/home/littleboy_pugazh/tplmap/plugins/engines/mako.py", line 1, in <module>
from plugins.languages import python
File "/home/littleboy_pugazh/tplmap/plugins/languages/python.py", line 2, in <module>
from core.plugin import Plugin
File "/home/littleboy_pugazh/tplmap/core/plugin.py", line 3, in <module>
from utils.loggers import log
File "/home/littleboy_pugazh/tplmap/utils/loggers.py", line 4, in <module>
import utils.config
File "/home/littleboy_pugazh/tplmap/utils/config.py", line 3, in <module>
import yaml
ImportError: No module named yaml
https://stackoverflow.com/questions/67537167/installing-python2-pyyaml try this to install pyyaml with pip2 command
Traceback (most recent call last): File "./tplmap.py", line 3, in
from core import checks
File "/home/kali/tplmap/core/checks.py", line 1, in
from plugins.engines.mako import Mako
File "/home/kali/tplmap/plugins/engines/mako.py", line 1, in
from plugins.languages import python
File "/home/kali/tplmap/plugins/languages/python.py", line 2, in
from core.plugin import Plugin
File "/home/kali/tplmap/core/plugin.py", line 3, in
from utils.loggers import log
File "/home/kali/tplmap/utils/loggers.py", line 4, in
import utils.config
File "/home/kali/tplmap/utils/config.py", line 3, in
import yaml
ImportError: No module named yaml
What i shuld do? I installed requirements.txt