apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-27 20:29:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tests/dynamic_fixtures/xpath_injection/php/vuln.php Normal file
View file

@ -0,0 +1,15 @@
<?php
// Phase 07 (Track J.5) — PHP XPATH_INJECTION vuln fixture.
//
// The function string-concatenates the attacker-controlled `$name`
// directly into an XPath expression evaluated by `DOMXPath::query`.
// A payload like `alice' or '1'='1` rewraps the selector as
// `//user[@name='alice' or '1'='1']`, matching every <user> node in
// the staged `xpath_corpus.xml`.
function run($name) {
$doc = new DOMDocument();
$doc->load('xpath_corpus.xml');
$xp = new DOMXPath($doc);
$expr = "//user[@name='" . $name . "']";
return $xp->query($expr);
}