{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "POST http://172.20.0.1:28080/api/webhook (and /api/application/webhook) with internal URL payload, then alarm batch job delivers SSRF POST",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "pinpoint-web:3.1.0",
    "pinpoint-batch:3.1.0",
    "pinpoint-hbase:3.1.0",
    "pinpoint-mysql",
    "zookeeper",
    "redis",
    "ssrf-listener"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/ppssrf-web.log",
    "logs/ppssrf-batch.log",
    "logs/ssrf-listener.log",
    "artifacts/cookies.txt",
    "artifacts/admin_cookies.txt",
    "artifacts/stored_webhooks.json",
    "artifacts/register_metadata.json",
    "artifacts/register_loopback.json",
    "artifacts/register_listener.json",
    "artifacts/create_alarm.json"
  ],
  "notes": "Authenticated ROLE_USER registers private/link-local URLs (169.254.169.254, 127.0.0.1) through /api/webhook. The alarm batch job then makes a real server-side POST to a controlled internal listener, proving SSRF."
}
