mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-21 20:18:06 +02:00
33 lines
770 B
Go
33 lines
770 B
Go
// SSRF — positive fixture.
|
|
// Vulnerable: makes a request to a user-controlled URL.
|
|
// Entry: FetchURL(targetURL string) Cap: SSRF
|
|
// Expected verdict: Confirmed (file:///etc/passwd → "daemon:" in output)
|
|
// Note: Go http.Get does not support file:// scheme; we detect it and use os.ReadFile.
|
|
|
|
package entry
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
func FetchURL(targetURL string) {
|
|
fmt.Print("__NYX_SINK_HIT__\n")
|
|
if strings.HasPrefix(targetURL, "file://") {
|
|
path := strings.TrimPrefix(targetURL, "file://")
|
|
data, err := os.ReadFile(path)
|
|
if err == nil {
|
|
fmt.Print(string(data))
|
|
}
|
|
return
|
|
}
|
|
resp, err := http.Get(targetURL)
|
|
if err == nil {
|
|
defer resp.Body.Close()
|
|
body, _ := io.ReadAll(resp.Body)
|
|
fmt.Print(string(body))
|
|
}
|
|
}
|