mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
433 B
Ruby
13 lines
433 B
Ruby
# Phase 08 (Track J.6) — Ruby HEADER_INJECTION vuln fixture.
|
|
#
|
|
# The function assigns the attacker-controlled `value` directly into a
|
|
# Rack response's `Set-Cookie` header via `Rack::Response#set_header`.
|
|
# A payload carrying `\r\nSet-Cookie: nyx-injected=pwn` splits the
|
|
# single header into two on the wire.
|
|
require 'rack'
|
|
|
|
def run(value)
|
|
response = Rack::Response.new
|
|
response.set_header('Set-Cookie', value)
|
|
response
|
|
end
|