nyx/tests/dynamic_fixtures/ruby/sinatra_route/vuln.rb at 04b3d88eb48721fc37d4fc0a218bb2b48d00a568 - apunkt/nyx - bitfreedom.net: free all bits, everywhere

apunkt/nyx

mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00

pitboss a9b61a9126 [pitboss] phase 15: Track B — Go + PHP + Ruby harness emitter shapes

2026-05-14 17:45:42 -05:00

11 lines

306 B

Ruby

Raw Blame History

 # Phase 15 — Sinatra route, vulnerable.
 # Reads payload (passed by harness via block argument) and pipes through /bin/sh.
 # Entry: route block  Cap: CODE_EXEC
 # nyx-shape: sinatra
 get '/run' do |payload|
   STDOUT.print("__NYX_SINK_HIT__\n")
   out = `echo hello #{payload}`
   STDOUT.print(out)
   out
 end