apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-21 20:18:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 08: Track J.6 + Track L.6 — HEADER_INJECTION corpus + every HTTP framework

Browse source
This commit is contained in:
pitboss 2026-05-18 01:08:32 -05:00
parent 59d627cb22
commit e0e49f65d3
45 changed files with 2552 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tests/dynamic_fixtures/header_injection/php/vuln.php Normal file
View file

@ -0,0 +1,10 @@
<?php
// Phase 08 (Track J.6) — PHP HEADER_INJECTION vuln fixture.
//
// The function concatenates the attacker-controlled `$value` directly
// into a `Set-Cookie` header set via the built-in `header()` function.
// A payload carrying `\r\nSet-Cookie: nyx-injected=pwn` splits the
// single header into two on the wire.
function run($value) {
header("Set-Cookie: " . $value);
}