mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-12 19:55:14 +02:00
18 lines
442 B
Ruby
18 lines
442 B
Ruby
# Ruby ActionController action, vulnerable.
|
|
# The harness drives UsersController.action(:index) through Rack.
|
|
|
|
require 'action_controller'
|
|
|
|
class ApplicationController < ActionController::Base
|
|
self.view_paths = []
|
|
end
|
|
|
|
class UsersController < ApplicationController
|
|
def index
|
|
STDOUT.print("__NYX_SINK_HIT__\n")
|
|
payload = params[:payload].to_s
|
|
out = `echo hello #{payload}`
|
|
STDOUT.print(out)
|
|
render plain: out
|
|
end
|
|
end
|