mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
455 B
JavaScript
13 lines
455 B
JavaScript
// Phase 08 (Track J.6) — JavaScript HEADER_INJECTION vuln fixture.
|
|
//
|
|
// The function assigns the attacker-controlled `value` directly into a
|
|
// Node response's `Set-Cookie` header via `http.ServerResponse
|
|
// #setHeader`. A payload carrying `\r\nSet-Cookie: nyx-injected=pwn`
|
|
// splits the single header into two on the wire.
|
|
const http = require('http');
|
|
|
|
function run(res, value) {
|
|
res.setHeader('Set-Cookie', value);
|
|
}
|
|
|
|
module.exports = { run };
|