nyx/tests/dynamic_fixtures/header_injection/java/Vuln.java

// Phase 08 (Track J.6) — Java HEADER_INJECTION vuln fixture.
//
// The function string-concatenates the attacker-controlled `value`
// directly into a `Set-Cookie` header set via
// `HttpServletResponse.setHeader`.  A payload carrying `\r\nSet-Cookie:
// nyx-injected=pwn` splits the single header into two on the wire.
import javax.servlet.http.HttpServletResponse;

public class Vuln {
    public static void run(HttpServletResponse response, String value) {
        response.setHeader("Set-Cookie", value);
    }
}
[pitboss] phase 08: Track J.6 + Track L.6 — `HEADER_INJECTION` corpus + every HTTP framework 2026-05-18 01:08:32 -05:00			`// Phase 08 (Track J.6) — Java HEADER_INJECTION vuln fixture.`
			`//`
			// The function string-concatenates the attacker-controlled `value`
			// directly into a `Set-Cookie` header set via
			// `HttpServletResponse.setHeader`. A payload carrying `\r\nSet-Cookie:
			// nyx-injected=pwn` splits the single header into two on the wire.
			`import javax.servlet.http.HttpServletResponse;`

			`public class Vuln {`
			`public static void run(HttpServletResponse response, String value) {`
			`response.setHeader("Set-Cookie", value);`
			`}`
			`}`