mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
16 lines
366 B
Ruby
16 lines
366 B
Ruby
# Ruby Sinatra route, vulnerable.
|
|
# Reads a real path-capture parameter from Sinatra and pipes it through /bin/sh.
|
|
|
|
require 'sinatra/base'
|
|
|
|
class NyxSinatraApp < Sinatra::Base
|
|
set :environment, :test
|
|
disable :run
|
|
|
|
get '/run/:payload' do |payload|
|
|
STDOUT.print("__NYX_SINK_HIT__\n")
|
|
out = `echo hello #{payload}`
|
|
STDOUT.print(out)
|
|
out
|
|
end
|
|
end
|