nyx/tests/dynamic_fixtures/php_frameworks/laravel/benign.php

<?php
// Phase 16 — Laravel-style route, benign sanitised payload.

use Illuminate\Support\Facades\Route;

Route::get('/run', 'UserController@run');

class UserController
{
    public function run($payload)
    {
        echo "__NYX_SINK_HIT__\n";
        $cmd = "echo hello " . escapeshellarg($payload);
        $out = shell_exec($cmd);
        echo $out;
        return $out;
    }
}
[pitboss] phase 16: Track L.14 — Laravel / Symfony / CodeIgniter adapters 2026-05-18 16:33:19 -05:00			`<?php`
			`// Phase 16 — Laravel-style route, benign sanitised payload.`

			`use Illuminate\Support\Facades\Route;`

			`Route::get('/run', 'UserController@run');`

			`class UserController`
			`{`
			`public function run($payload)`
			`{`
			`echo "__NYX_SINK_HIT__\n";`
			`$cmd = "echo hello " . escapeshellarg($payload);`
			`$out = shell_exec($cmd);`
			`echo $out;`
			`return $out;`
			`}`
			`}`