mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
21 lines
521 B
Go
21 lines
521 B
Go
// Phase 15 — http.HandlerFunc, vulnerable.
|
|
// Reads `?payload=` query value and pipes to /bin/sh -c.
|
|
// Entry: Handle(w http.ResponseWriter, r *http.Request) Cap: CODE_EXEC
|
|
|
|
package entry
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"os/exec"
|
|
)
|
|
|
|
func Handle(w http.ResponseWriter, r *http.Request) {
|
|
fmt.Print("__NYX_SINK_HIT__\n")
|
|
payload := r.URL.Query().Get("payload")
|
|
cmd := exec.Command("sh", "-c", "echo hello "+payload)
|
|
out, _ := cmd.CombinedOutput()
|
|
fmt.Print(string(out))
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write(out)
|
|
}
|