epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0

Traceback (most recent call last): File "./tplmap.py", line 3, in <module> #93

Open fuckwbored opened 3 years ago

fuckwbored commented 3 years ago

```
Traceback (most recent call last):
  File "./tplmap.py", line 3, in <module>
    from core import checks
  File "/home/kali/tplmap/core/checks.py", line 1, in <module>
    from plugins.engines.mako import Mako
  File "/home/kali/tplmap/plugins/engines/mako.py", line 1, in <module>
    from plugins.languages import python
  File "/home/kali/tplmap/plugins/languages/python.py", line 2, in <module>
    from core.plugin import Plugin
  File "/home/kali/tplmap/core/plugin.py", line 3, in <module>
    from utils.loggers import log
  File "/home/kali/tplmap/utils/loggers.py", line 4, in <module>
    import utils.config
  File "/home/kali/tplmap/utils/config.py", line 3, in <module>
    import yaml
ImportError: No module named yaml
```

What should I do? I installed requirements.txt

Azteq-Sudo commented 3 years ago

same issue

wirabhakti commented 3 years ago

First I create a Python 2 virtualenv, because I think this project is not maintained anymore; there must be broken dependencies etc. After that I run `pip install PyYaml` (note: pip in Python 2 is already installed if you are using Python 2 >=2.7.9).

I tried implementing the Template Injection Workshop by Go Secure (https://www.youtube.com/watch?v=I7xQZOvZzIw&t=2s) and succeeded :)

This is my result running the script:

```
./tplmap.py -X POST -u 'http://172.18.0.2/' -d 'email=john'
[+] Tplmap 0.5
    Automatic Server-Side Template Injection Detection and Exploitation Tool

[+] Testing if POST parameter 'email' is injectable
[+] Smarty plugin is testing rendering with tag ''
[+] Smarty plugin is testing blind injection
[+] Mako plugin is testing rendering with tag '${}'
[+] Mako plugin is testing blind injection
[+] Python plugin is testing rendering with tag 'str()'
[+] Python plugin is testing blind injection
[+] Tornado plugin is testing rendering with tag '{{}}'
[+] Tornado plugin is testing blind injection
[+] Jinja2 plugin is testing rendering with tag '{{}}'
[+] Jinja2 plugin is testing blind injection
[+] Twig plugin is testing rendering with tag '{{}}'
[+] Twig plugin has confirmed injection with tag '{{*}}'
[+] Tplmap identified the following injection point:

  POST parameter: email
  Engine: Twig
  Injection: {{*}}
  Context: text
  OS: Linux
  Technique: render
  Capabilities:

   Shell command execution: ok
   Bind and reverse shell: ok
   File write: ok
   File read: ok
   Code evaluation: ok, php code
```

0xPugal commented 2 years ago

I too face the same issue. :(

0xPugal commented 2 years ago

```
Traceback (most recent call last):
  File "./tplmap.py", line 3, in <module>
    from core import checks
  File "/home/littleboy_pugazh/tplmap/core/checks.py", line 1, in <module>
    from plugins.engines.mako import Mako
  File "/home/littleboy_pugazh/tplmap/plugins/engines/mako.py", line 1, in <module>
    from plugins.languages import python
  File "/home/littleboy_pugazh/tplmap/plugins/languages/python.py", line 2, in <module>
    from core.plugin import Plugin
  File "/home/littleboy_pugazh/tplmap/core/plugin.py", line 3, in <module>
    from utils.loggers import log
  File "/home/littleboy_pugazh/tplmap/utils/loggers.py", line 4, in <module>
    import utils.config
  File "/home/littleboy_pugazh/tplmap/utils/config.py", line 3, in <module>
    import yaml
ImportError: No module named yaml
```

0xChupaCabra commented 2 years ago

https://stackoverflow.com/questions/67537167/installing-python2-pyyaml Try this to install pyyaml with the pip2 command.