[pitboss] phase 08: Track J.6 + Track L.6 — HEADER_INJECTION corpus + every HTTP framework

This commit is contained in:
pitboss 2026-05-18 01:08:32 -05:00
parent 59d627cb22
commit e0e49f65d3
45 changed files with 2552 additions and 41 deletions

View file

@ -0,0 +1,16 @@
// Phase 08 (Track J.6) — Rust HEADER_INJECTION benign control fixture.
//
// Same shape as `vuln.rs` but routes the value through the
// `percent-encoding` crate first, so CRLF bytes land as `%0D%0A` and
// the wire keeps a single header.
use axum::http::HeaderMap;
use axum::http::HeaderValue;
use percent_encoding::{utf8_percent_encode, NON_ALPHANUMERIC};
pub fn run(headers: &mut HeaderMap, value: &str) {
let encoded: String = utf8_percent_encode(value, NON_ALPHANUMERIC).collect();
headers.insert(
"set-cookie",
HeaderValue::from_str(&encoded).unwrap(),
);
}

View file

@ -0,0 +1,17 @@
// Phase 08 (Track J.6) — Rust HEADER_INJECTION vuln fixture.
//
// The function inserts the attacker-controlled `value` into an axum
// `HeaderMap` via `headers_mut().insert`, bypassing
// `HeaderValue::from_str`'s newline check by passing the tainted
// bytes through `HeaderValue::from_bytes(...).unwrap()`. A payload
// carrying `\r\nSet-Cookie: nyx-injected=pwn` splits the single
// header into two on the wire.
use axum::http::HeaderMap;
use axum::http::HeaderValue;
pub fn run(headers: &mut HeaderMap, value: &str) {
headers.insert(
"set-cookie",
HeaderValue::from_bytes(value.as_bytes()).unwrap(),
);
}