nyx/tests/dynamic_fixtures/header_injection/java/Vuln.java

// Phase 08 (Track J.6) — Java HEADER_INJECTION vuln fixture.
//
// The function string-concatenates the attacker-controlled `value`
// directly into a `Set-Cookie` header set via
// `HttpServletResponse.setHeader`.  A payload carrying `\r\nSet-Cookie:
// nyx-injected=pwn` splits the single header into two on the wire.
import javax.servlet.http.HttpServletResponse;

public class Vuln {
    public static void run(HttpServletResponse response, String value) {
        response.setHeader("Set-Cookie", value);
    }
}
Dynamic (#77) 2026-06-05 10:16:30 -05:00			`// Phase 08 (Track J.6) — Java HEADER_INJECTION vuln fixture.`
			`//`
			// The function string-concatenates the attacker-controlled `value`
			// directly into a `Set-Cookie` header set via
			// `HttpServletResponse.setHeader`. A payload carrying `\r\nSet-Cookie:
			// nyx-injected=pwn` splits the single header into two on the wire.
			`import javax.servlet.http.HttpServletResponse;`

			`public class Vuln {`
			`public static void run(HttpServletResponse response, String value) {`
			`response.setHeader("Set-Cookie", value);`
			`}`
			`}`