mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
435 B
Java
13 lines
435 B
Java
// Phase 20 (Track M.2) — RabbitMQ Java vuln fixture.
|
|
|
|
import org.springframework.amqp.rabbit.annotation.RabbitListener;
|
|
|
|
public class Vuln {
|
|
public Vuln() {}
|
|
|
|
@RabbitListener(queues = "work")
|
|
public void onMessage(String messageId, String body) throws Exception {
|
|
// SINK: tainted body concatenated into shell command
|
|
new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
|
|
}
|
|
}
|