nyx/tests/dynamic_fixtures/ruby/sinatra_route/vuln.rb at f9bd51c024f095c552b4dc392b1ec00bac9da4cd - apunkt/nyx - bitfreedom.net: free all bits, everywhere

apunkt/nyx

mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00

pitboss a9b61a9126 [pitboss] phase 15: Track B — Go + PHP + Ruby harness emitter shapes

2026-05-14 17:45:42 -05:00

11 lines

306 B

Ruby

Raw Blame History

 # Phase 15 — Sinatra route, vulnerable.
 # Reads payload (passed by harness via block argument) and pipes through /bin/sh.
 # Entry: route block  Cap: CODE_EXEC
 # nyx-shape: sinatra
 get '/run' do |payload|
   STDOUT.print("__NYX_SINK_HIT__\n")
   out = `echo hello #{payload}`
   STDOUT.print(out)
   out
 end