[pitboss] phase 05: M5 — JS/TS, Go, Java, PHP harness emitters

This commit is contained in:
pitboss 2026-05-12 02:20:55 -04:00
parent 84638e7d57
commit 345b44d3cc
103 changed files with 5637 additions and 34 deletions

View file

@ -0,0 +1,12 @@
<?php
// SQL injection — positive fixture.
// Vulnerable: directly concatenates user input into SQL query string.
// Entry: login($username) Cap: SQL_QUERY
// Expected verdict: Confirmed (UNION payload echoes NYX_SQL_CONFIRMED)
function login($username) {
$query = "SELECT name FROM users WHERE name='" . $username . "'";
echo "__NYX_SINK_HIT__\n";
// Error-based echo: output the query so UNION payload is visible.
echo "DB query: " . $query . "\n";
}