MCPcopy
hub / github.com/epinna/tplmap / detect_template_injection

Function detect_template_injection

core/checks.py:111–139  ·  view source on GitHub ↗
(channel, plugins = plugins)

Source from the content-addressed store, hash-verified

109}))
110
111def detect_template_injection(channel, plugins = plugins):
112
113 # Loop manually the channel.injs modifying channel's inj_idx
114 for i in xrange(len(channel.injs)):
115
116 log.info("Testing if %s parameter '%s' is injectable" % (
117 channel.injs[channel.inj_idx]['field'],
118 channel.injs[channel.inj_idx]['param']
119 )
120 )
121
122 current_plugin = None
123
124 # Iterate all the available plugins until
125 # the first template engine is detected.
126 for plugin in plugins:
127
128 current_plugin = plugin(channel)
129
130 # Skip if user specify a specific --engine
131 if channel.args.get('engine') and channel.args.get('engine').lower() != current_plugin.plugin.lower():
132 continue
133
134 current_plugin.detect()
135
136 if channel.data.get('engine'):
137 return current_plugin
138
139 channel.inj_idx += 1
140
141def check_template_injection(channel):
142

Calls 2

getMethod · 0.80
detectMethod · 0.45