apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tests/dynamic_fixtures/php/cli_script/benign.php Normal file
View file

@ -0,0 +1,11 @@
<?php
// Phase 15 — CLI script with $argv, benign.
// Validates $argv[1] then runs a fixed echo.
$payload = $argv[1] ?? '';
if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $payload)) {
echo "invalid\n";
exit(0);
}
$out = shell_exec("echo hello");
echo $out;

6
tests/dynamic_fixtures/php/cli_script/composer.json Normal file
View file

@ -0,0 +1,6 @@
{
"name": "nyx/cli-script-fixture",
"require": {
"php": ">=8.0"
}
}

9
tests/dynamic_fixtures/php/cli_script/vuln.php Normal file
View file

@ -0,0 +1,9 @@
<?php
// Phase 15 — CLI script with $argv, vulnerable.
// Top-level body reads $argv[1] and pipes to /bin/sh -c.
echo "__NYX_SINK_HIT__\n";
$payload = $argv[1] ?? '';
$out = shell_exec("echo hello " . $payload);
echo $out;