apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/js/sqli_positive.js
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

13 lines
526 B
JavaScript
Raw Permalink Blame History

// SQL injection — positive fixture.
// Vulnerable: directly concatenates user input into SQL query string.
// Entry: login(username) Cap: SQL_QUERY
// Expected verdict: Confirmed (UNION payload echoes NYX_SQL_CONFIRMED)
function login(username) {
const query = "SELECT name FROM users WHERE name='" + username + "'";
process.stdout.write('__NYX_SINK_HIT__\n');
// Simulate error-based SQL execution: echo query on failure.
process.stdout.write('DB query: ' + query + '\n');
}
module.exports = { login };
Reference in a new issue View git blame Copy permalink