{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "Variant/bypass matrix: V1 register flow, V2 redirect-forwarded auth_provider, V3 controller?auth_provider=apache, V4 oauth login controller, V5 original exploit control",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "apache2.4",
    "mod_php8.2",
    "phpBB-3.3.x",
    "sqlite3"
  ],
  "proof_artifacts": [
    "logs/vuln_variant.log",
    "logs/vv_vuln_v5_resp.txt",
    "logs/vv_fixed_v5ctrl_resp.txt",
    "logs/vv_fixed_v1_register_resp.txt",
    "logs/vv_fixed_v3_resp.txt",
    "logs/vv_fixed_v4_resp.txt",
    "vuln_variant/artifacts"
  ],
  "notes": "vuln 3.3.16 original exploit _u=2 (admin=2) hijack=true; fixed 3.3.17: original blocked=true (controller _u=1); variant candidates on fixed -> V1 register _u=1, V2 redirect _u=1, V3 controller?auth_provider _u=1, V4 oauth-login _u=1; bypass_found=false"
}
