Question

Developing exploits for each system you target can be time-consuming. Luckily, templates often contain already known exploits that others have discovered, so when you find a template injection vulnerability, it’s a good idea to automate the exploitation process to make your work more efficient.

为每一个你针对的系统开发漏洞利用可能非常耗费时间。幸运的是，模板通常包含其他人发现的已知漏洞，因此当您发现一个模板注入漏洞时，自动化利用过程是个不错的选择，可以让您的工作更有效率。

One tool built to automate the template injection process, called tplmap ( https://github.com/epinna/tplmap/ ), can scan for template injections, determine the template engine in use, and construct exploits. While this tool does not support every template engine, it should provide you with a good starting point for the most popular ones.

一个用于自动化模板注入过程的工具叫做 tplmap（https://github.com/epinna/tplmap/），它可以扫描模板注入，确定使用的模板引擎，并构建攻击。虽然这个工具不支持每个模板引擎，但它应该为大多数流行的模板引擎提供一个很好的起点。