search

epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0
3.75k stars 670 forks source link

Can't SSTI injection through cookie value #96

Open thunder-sword opened 3 years ago

thunder-sword commented 3 years ago

I can't find an option for SSTI injection through cookie value, but it is commonly used.

eg: curl http://ip --cookie "username={{2*2}}" hello 4