apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-24 20:28:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tests/dynamic_fixtures/ldap_injection/php/benign.php Normal file
View file

@ -0,0 +1,13 @@
<?php
// Phase 06 (Track J.4) — PHP LDAP_INJECTION benign control fixture.
//
// Same shape as `vuln.php` but routes the attacker-controlled `$uid`
// through `ldap_escape($uid, "", LDAP_ESCAPE_FILTER)`, escaping the
// wildcard / paren breakout so the directory keeps returning at most
// one entry.
function run(string $uid) {
$c = ldap_connect("127.0.0.1");
ldap_bind($c);
$filter = "(uid=" . ldap_escape($uid, "", LDAP_ESCAPE_FILTER) . ")";
return ldap_search($c, "ou=people,dc=nyx,dc=test", $filter);
}