[05:28:22] container phpbb-cve2026-48611-vv-vuln healthy [05:28:23] container phpbb-cve2026-48611-vv-fixed healthy [05:28:23] === V5 control: original exploit on VULNERABLE 3.3.16 === [05:28:23] V5 vuln: _u=2 (admin=2); ACP link count=2 [05:28:23] === V5 control: original exploit on FIXED 3.3.17 (ucp.php path) === [05:28:23] V5 fixed (ucp.php): _u=1 [05:28:23] === V5 control: original exploit on FIXED 3.3.17 (controller path) === [05:28:23] V5 fixed (controller): _u=1 [05:28:23] === V1 variant: register flow with auth_provider=apache on FIXED 3.3.17 === [05:28:24] V1 form: form_token= creation_time= [05:28:24] V1 fixed register: _u=1; error block count=0 [05:28:24] === V1 variant: register flow with auth_provider=apache on VULNERABLE 3.3.16 === [05:28:24] V1 vuln register: _u=1; error block count=0 [05:28:24] === V2 variant: auth_provider forwarded via ucp.php?mode=login_link on FIXED 3.3.17 === [05:28:24] V2 fixed: _u=1; resp first line: HTTP/1.0 301 Moved Permanently [05:28:24] === V3 variant: controller link_account?auth_provider=apache on FIXED 3.3.17 === [05:28:24] V3 fixed: _u=1; error block count=1 [05:28:24] === V4 variant: oauth login controller /oauth/login/apache on FIXED 3.3.17 === [05:28:24] V4 fixed: _u=1; resp first line: HTTP/1.1 401 Unauthorized [05:28:24] VERDICT: vuln_hijack=yes; fixed_original_blocked=yes; fixed_variant_hit=no [05:28:25] RESULT: NO BYPASS — fixed 3.3.17 blocks every candidate; vuln control hijack=yes [05:28:31] container phpbb-cve2026-48611-vv-vuln healthy [05:28:31] container phpbb-cve2026-48611-vv-fixed healthy [05:28:31] === V5 control: original exploit on VULNERABLE 3.3.16 === [05:28:32] V5 vuln: _u=2 (admin=2); ACP link count=2 [05:28:32] === V5 control: original exploit on FIXED 3.3.17 (ucp.php path) === [05:28:32] V5 fixed (ucp.php): _u=1 [05:28:32] === V5 control: original exploit on FIXED 3.3.17 (controller path) === [05:28:32] V5 fixed (controller): _u=1 [05:28:32] === V1 variant: register flow with auth_provider=apache on FIXED 3.3.17 === [05:28:32] V1 form: form_token= creation_time= [05:28:32] V1 fixed register: _u=1; error block count=0 [05:28:32] === V1 variant: register flow with auth_provider=apache on VULNERABLE 3.3.16 === [05:28:33] V1 vuln register: _u=1; error block count=0 [05:28:33] === V2 variant: auth_provider forwarded via ucp.php?mode=login_link on FIXED 3.3.17 === [05:28:33] V2 fixed: _u=1; resp first line: HTTP/1.0 301 Moved Permanently [05:28:33] === V3 variant: controller link_account?auth_provider=apache on FIXED 3.3.17 === [05:28:33] V3 fixed: _u=1; error block count=1 [05:28:33] === V4 variant: oauth login controller /oauth/login/apache on FIXED 3.3.17 === [05:28:33] V4 fixed: _u=1; resp first line: HTTP/1.1 401 Unauthorized [05:28:33] VERDICT: vuln_hijack=yes; fixed_original_blocked=yes; fixed_variant_hit=no [05:28:33] RESULT: NO BYPASS — fixed 3.3.17 blocks every candidate; vuln control hijack=yes [05:30:20] container phpbb-cve2026-48611-vv-vuln healthy [05:30:21] container phpbb-cve2026-48611-vv-fixed healthy [05:30:21] === V5 control: original exploit on VULNERABLE 3.3.16 === [05:30:21] V5 vuln: _u=2 (admin=2); ACP link count=2 [05:30:21] === V5 control: original exploit on FIXED 3.3.17 (ucp.php path) === [05:30:21] V5 fixed (ucp.php): _u=1 [05:30:21] === V5 control: original exploit on FIXED 3.3.17 (controller path) === [05:30:21] V5 fixed (controller): _u=1 [05:30:21] === V1 variant: register flow with auth_provider=apache on FIXED 3.3.17 === [05:30:21] V1 form: form_token= creation_time= [05:30:21] V1 fixed register: _u=1; error block count=0 [05:30:21] === V1 variant: register flow with auth_provider=apache on VULNERABLE 3.3.16 === [05:30:22] V1 vuln register: _u=1; error block count=0 [05:30:22] === V2 variant: auth_provider forwarded via ucp.php?mode=login_link on FIXED 3.3.17 === [05:30:22] V2 fixed: _u=1; resp first line: HTTP/1.0 301 Moved Permanently [05:30:22] === V3 variant: controller link_account?auth_provider=apache on FIXED 3.3.17 === [05:30:22] V3 fixed: _u=1; error block count=1 [05:30:22] === V4 variant: oauth login controller /oauth/login/apache on FIXED 3.3.17 === [05:30:22] V4 fixed: _u=1; resp first line: HTTP/1.1 401 Unauthorized [05:30:22] VERDICT: vuln_hijack=yes; fixed_original_blocked=yes; fixed_variant_hit=no [05:30:22] RESULT: NO BYPASS — fixed 3.3.17 blocks every candidate; vuln control hijack=yes