mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
16 lines
514 B
Python
16 lines
514 B
Python
"""SSRF — positive fixture.
|
|
|
|
Vulnerable function: fetches a user-controlled URL.
|
|
Expected verdict: Confirmed (file:// payload reads /etc/passwd → "root:").
|
|
"""
|
|
import urllib.request
|
|
|
|
|
|
def fetch_url(url):
|
|
"""Vulnerable: fetches URL provided by user without validation."""
|
|
try:
|
|
with urllib.request.urlopen(url, timeout=3) as resp:
|
|
content = resp.read().decode("utf-8", errors="replace")
|
|
print(content)
|
|
except Exception as e:
|
|
print(f"Fetch error: {e}", end="")
|