{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "HTTP PUT upload of .shtml then GET /pwn.shtml on CivetWeb",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "vulnerable_attempt_1_executed": true,
  "vulnerable_attempt_2_executed": true,
  "fixed_attempt_1_blocked": true,
  "fixed_attempt_2_blocked": true,
  "runtime_stack": [
    "civetweb"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "artifacts/vulnerable-attempt1/get_body.txt",
    "artifacts/vulnerable-attempt1/get_headers.txt",
    "artifacts/vulnerable-attempt1/server.log",
    "artifacts/vulnerable-attempt2/get_body.txt",
    "artifacts/vulnerable-attempt2/get_headers.txt",
    "artifacts/fixed-attempt1/get_body.txt",
    "artifacts/fixed-attempt1/get_headers.txt",
    "artifacts/fixed-attempt2/get_body.txt",
    "artifacts/fixed-attempt2/get_headers.txt"
  ],
  "notes": "Authenticated PUT upload of .shtml containing SSI #exec followed by GET executed the command (id; uname -a) and returned the output in both vulnerable attempts. The NO_POPEN build (fixed control) did not return command output in either attempt."
}
