Found injection in a POST parameter on a website made with Spring.
Payload: #{7*7}
Response: You searched for: ??49_en_US??
Command: ./tplmap.py -X POST -d name=AAonDRyz -u 'url' --proxy=127.0.0.1:8080
When testing with tplmap, no injectable parameters were found. I checked the requests tplmap makes, and all requests containing payloads with #{ were surrounded with single or double quotes and were not detected.
Example:
Payload: "#{95*58}"
Response: You searched for: "#{95*58}"
Example 2:
Payload: '#{2+2}'
Response: You searched for: #{2+2}
I was recently facing an issue described here: #103, and removed Twig from the plugin array in /core/checks.py. Maybe some checks are skipped now.
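An added example, not part of the original report and not tplmap's code: a Python check that classifies each payload/response pair quoted above as evaluated, reflected, or reflected with the wrapping quotes stripped, which is the distinction the report turns on. The function names, verdict labels and the `??key_locale??` marker pattern are assumptions made for this example, derived only from the responses shown in the report.

```python
import re

# Arithmetic probe in the shape used in the report: #{a*b} or #{a+b}
PROBE = re.compile(r"#\{(\d+)([*+])(\d+)\}")
# Missing-message marker in the shape of the report's response: ??key_locale??
MARKER = re.compile(r"\?\?(.+?)_([a-z]{2}_[A-Z]{2})\?\?")


def missing_key(response):
    """Return (key, locale) from a ??key_locale?? marker, or None."""
    m = MARKER.search(response)
    return (m.group(1), m.group(2)) if m else None


def classify(payload, response):
    """Say what the server did with the #{...} expression in `payload`."""
    m = PROBE.search(payload)
    if m is None:
        raise ValueError("payload has no #{a*b} or #{a+b} probe")
    expr = m.group(0)
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    result = str(a * b if op == "*" else a + b)

    if payload in response:
        return "reflected"            # echoed back byte for byte
    if expr in response:
        return "reflected-stripped"   # echoed, but the wrapper was removed
    # The computed value must stand alone, not sit inside a longer number.
    if re.search(r"(?<!\d)" + re.escape(result) + r"(?!\d)", response):
        return "evaluated"
    return "inconclusive"


# Constructed from the payload/response pairs quoted in the report.
SAMPLES = [
    ("#{7*7}", "You searched for: ??49_en_US??"),
    ('"#{95*58}"', 'You searched for: "#{95*58}"'),
    ("'#{2+2}'", "You searched for: #{2+2}"),
]

if __name__ == "__main__":
    for payload, response in SAMPLES:
        print(f"{payload!r:14} -> {classify(payload, response)}")
```

Only the unquoted payload comes back as a computed value; both quoted variants are echoed with the expression intact, so a check that looks for the arithmetic result finds nothing in them.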