README.md
Rendering markdown...
#!/usr/bin/env python3
"""
Simulated internal service for CVE-2026-32255 PoC.
This script mimics an internal API that exposes sensitive configuration data.
In a real scenario, this would be a service only accessible from within the
internal network (e.g., a config server, metadata endpoint, or admin API).
Usage: python3 internal-service.py [port]
"""
import json
import sys
from http.server import HTTPServer, BaseHTTPRequestHandler
PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 8888
SENSITIVE_DATA = {
"service": "internal-config-api",
"credentials": {
"db_host": "10.0.0.5",
"db_user": "admin",
"db_password": "s3cret_passw0rd!",
"api_key": "sk-internal-4f8a2b1c9d3e7f6a5b0c8d2e1f4a7b3c",
},
}
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()
self.wfile.write(json.dumps(SENSITIVE_DATA, indent=2).encode())
def log_message(self, format, *args):
print(f"[internal-service] {args[0]}")
if __name__ == "__main__":
server = HTTPServer(("0.0.0.0", PORT), Handler)
print(f"[*] Internal service listening on http://0.0.0.0:{PORT}")
try:
server.serve_forever()
except KeyboardInterrupt:
print("\n[*] Shutting down")
server.shutdown()