gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools
180 stars 23 forks

[addtool] tplmap #104

Closed mrrootsec closed 1 year ago

mrrootsec commented 1 year ago

[link]https://github.com/epinna/tplmap[/link] [short_descr] Server-Side Template Injection and Code Injection Detection and Exploitation Tool [/short_descr] [tags]ssti,injection[/tags] [long_descr]Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.

The tool and its test suite are developed to research the SSTI vulnerability class and to be used as an offensive security tool during web application penetration tests.

The sandbox break-out techniques came from James Kettle's Server-Side Template Injection: RCE For The Modern Web App, other public research [1] [2], and original contributions to this tool [3] [4].

It can exploit several code contexts and blind injection scenarios. It also supports eval()-like code injections in Python, Ruby, PHP, Java and generic unsandboxed template engines.[/long_descr]

gwen001 commented 1 year ago

Issue correctly handled, tool is waiting for human validation.

gwen001 commented 1 year ago

Tool has been accepted: https://offsec.tools/tool/tplmap

Thank you!