apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 05: M5 — JS/TS, Go, Java, PHP harness emitters

Browse source
This commit is contained in:
pitboss 2026-05-12 02:20:55 -04:00
parent 84638e7d57
commit 345b44d3cc
103 changed files with 5637 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tests/dynamic_fixtures/java/sqli_positive.java Normal file
View file

@ -0,0 +1,13 @@
// SQL injection positive fixture.
// Vulnerable: directly concatenates user input into SQL query string.
// Entry: Entry.login(String) Cap: SQL_QUERY
// Expected verdict: Confirmed (UNION payload echoes NYX_SQL_CONFIRMED)
public class Entry {
public static void login(String username) {
String query = "SELECT name FROM users WHERE name='" + username + "'";
System.out.print("__NYX_SINK_HIT__\n");
// Error-based echo: output the query so UNION payload is visible.
System.out.println("DB query: " + query);
}
}