mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
408 B
Java
13 lines
408 B
Java
// Phase 20 (Track M.2) — Kafka Java vuln fixture.
|
|
|
|
import org.springframework.kafka.annotation.KafkaListener;
|
|
|
|
public class Vuln {
|
|
public Vuln() {}
|
|
|
|
@KafkaListener(topics = "orders")
|
|
public void onMessage(String body) throws Exception {
|
|
// SINK: tainted body concatenated into shell command
|
|
new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
|
|
}
|
|
}
|