mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
14 lines
407 B
Ruby
14 lines
407 B
Ruby
# Phase 15 — Rack middleware, vulnerable.
|
|
# `call(env)` reads env['nyx.payload'] and pipes to /bin/sh -c.
|
|
|
|
class NyxRackApp
|
|
def initialize(app = nil); @app = app; end
|
|
|
|
def call(env)
|
|
STDOUT.print("__NYX_SINK_HIT__\n")
|
|
payload = env['nyx.payload'] || ENV['NYX_PAYLOAD'] || ''
|
|
out = `echo hello #{payload}`
|
|
STDOUT.print(out)
|
|
[200, { 'Content-Type' => 'text/plain' }, [out]]
|
|
end
|
|
end
|