apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 08: Track J.6 + Track L.6 — HEADER_INJECTION corpus + every HTTP framework

Browse source
This commit is contained in:
pitboss 2026-05-18 01:08:32 -05:00
parent 59d627cb22
commit e0e49f65d3
45 changed files with 2552 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tests/dynamic_fixtures/header_injection/java/Benign.java Normal file
View file

@ -0,0 +1,16 @@
// Phase 08 (Track J.6) Java HEADER_INJECTION benign control fixture.
//
// Same shape as `Vuln.java` but URL-encodes the value via
// `URLEncoder.encode` (the OWASP-recommended defence), so any CRLF
// bytes in the value land as `%0D%0A` and the wire keeps a single
// header.
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletResponse;
public class Benign {
public static void run(HttpServletResponse response, String value) {
String encoded = URLEncoder.encode(value, StandardCharsets.UTF_8);
response.setHeader("Set-Cookie", encoded);
}
}

13
tests/dynamic_fixtures/header_injection/java/Vuln.java Normal file
View file

@ -0,0 +1,13 @@
// Phase 08 (Track J.6) Java HEADER_INJECTION vuln fixture.
//
// The function string-concatenates the attacker-controlled `value`
// directly into a `Set-Cookie` header set via
// `HttpServletResponse.setHeader`. A payload carrying `\r\nSet-Cookie:
// nyx-injected=pwn` splits the single header into two on the wire.
import javax.servlet.http.HttpServletResponse;
public class Vuln {
public static void run(HttpServletResponse response, String value) {
response.setHeader("Set-Cookie", value);
}
}