apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-21 20:18:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

24
tests/dynamic_fixtures/xpath_injection/php/benign.php Normal file
View file

@ -0,0 +1,24 @@
<?php
// Phase 07 (Track J.5) — PHP XPATH_INJECTION benign control fixture.
//
// Same shape as `vuln.php` but routes the attacker-controlled `$name`
// through a small XPath-string-literal escape helper before splicing
// it into the expression, so the selector stays pinned to a single
// node.
function nyx_xpath_escape($s) {
if (strpos($s, "'") === false) {
return "'" . $s . "'";
}
if (strpos($s, '"') === false) {
return '"' . $s . '"';
}
return "concat('" . str_replace("'", "',\"'\",'", $s) . "')";
}
function run($name) {
$doc = new DOMDocument();
$doc->load('xpath_corpus.xml');
$xp = new DOMXPath($doc);
$expr = "//user[@name=" . nyx_xpath_escape($name) . "]";
return $xp->query($expr);
}