apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-27 20:29:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tests/dynamic_fixtures/php/sqli_positive.php Normal file
View file

@ -0,0 +1,12 @@
<?php
// SQL injection — positive fixture.
// Vulnerable: directly concatenates user input into SQL query string.
// Entry: login($username) Cap: SQL_QUERY
// Expected verdict: Confirmed (UNION payload echoes NYX_SQL_CONFIRMED)
function login($username) {
$query = "SELECT name FROM users WHERE name='" . $username . "'";
echo "__NYX_SINK_HIT__\n";
// Error-based echo: output the query so UNION payload is visible.
echo "DB query: " . $query . "\n";
}