nyx/tests/dynamic_fixtures/java/servlet_dopost/Vuln.java

// Phase 14 — servlet doPost, vulnerable.
//
// Reads the POST body from the request stub and feeds it through
// `/bin/sh -c`.

import java.io.BufferedReader;
import java.io.InputStreamReader;

public class Vuln {
    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws Exception {
        System.out.print("__NYX_SINK_HIT__\n");
        String input = req.getBody();
        if (input == null) input = "";
        String[] cmd = {"/bin/sh", "-c", "echo hello " + input};
        Process p = Runtime.getRuntime().exec(cmd);
        BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
        String line;
        while ((line = reader.readLine()) != null) {
            resp.write(line + "\n");
        }
        p.waitFor();
    }
}
[pitboss] phase 14: Track B — Java harness emitter shapes 2026-05-14 16:54:56 -05:00			`// Phase 14 — servlet doPost, vulnerable.`
			`//`
			`// Reads the POST body from the request stub and feeds it through`
			// `/bin/sh -c`.

			`import java.io.BufferedReader;`
			`import java.io.InputStreamReader;`

			`public class Vuln {`
			`public void doPost(HttpServletRequest req, HttpServletResponse resp) throws Exception {`
			`System.out.print("__NYX_SINK_HIT__\n");`
			`String input = req.getBody();`
			`if (input == null) input = "";`
			`String[] cmd = {"/bin/sh", "-c", "echo hello " + input};`
			`Process p = Runtime.getRuntime().exec(cmd);`
			`BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));`
			`String line;`
			`while ((line = reader.readLine()) != null) {`
feat(dynamic): enhance corpus sync script with improved payload parsing, registry checks, and expanded validation logic 2026-06-01 22:51:05 -05:00			`resp.write(line + "\n");`
[pitboss] phase 14: Track B — Java harness emitter shapes 2026-05-14 16:54:56 -05:00			`}`
			`p.waitFor();`
			`}`
			`}`