mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
419 B
PHP
13 lines
419 B
PHP
|
<?php
|
||
|
|
// Command injection — adversarial collision fixture.
|
||
|
|
// Prints NYX_PWN_791_CMDI unconditionally without reaching a command sink
|
||
|
|
// and without emitting __NYX_SINK_HIT__.
|
||
|
|
// Expected verdict: Inconclusive(OracleCollisionSuspected)
|
||
|
|
// Entry: runPing($host) Cap: CODE_EXEC
|
||
|
|
|
||
|
|
function runPing($host) {
|
||
|
|
// Coincidental oracle match — not a shell sink.
|
||
|
|
echo "NYX_PWN_791_CMDI\n";
|
||
|
|
$x = strlen($host);
|
||
|
|
}
|