The vulnerability is in the event subscription function, implemented in src/scene_server/event_server/service/subscription.go.

The handler deserializes the JSON request body into a ParamSubscriptionTestCallback object and then constructs a POST request from its callbackurl and callbackBody parameters, so both the URL and the content of the POST request are fully controlled by the caller.


Through the SSRF vulnerability, local port 8090 can be accessed.

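One way to close this class of bug, shown as an added example rather than the project's own code or fix: a callback client whose dialer vets the resolved address at connect time, so the POST built from callbackurl and callbackBody cannot reach loopback or internal hosts. The names checkCallbackAddr, newCallbackClient and sendTestCallback are hypothetical, and the "public addresses only" policy and the JSON content type are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
	"syscall"
	"time"
)

// checkCallbackAddr vets the dial target; assumed policy: public unicast only.
func checkCallbackAddr(address string) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable dial address %q: %w", address, err)
	}
	ip := ap.Addr().Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsUnspecified() {
		return fmt.Errorf("callback target %s is not a public address", ip)
	}
	return nil
}

// newCallbackClient returns a client whose dialer runs the check after DNS
// resolution, so hostnames and redirects pointing inward are refused too.
func newCallbackClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second,
		Control: func(_, address string, _ syscall.RawConn) error {
			return checkCallbackAddr(address)
		}}
	// Proxy is left nil on purpose: via a proxy the check would see the proxy's IP.
	return &http.Client{Timeout: 10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}}
}

// sendTestCallback mirrors the POST built from callbackurl and callbackBody.
func sendTestCallback(c *http.Client, callbackURL, callbackBody string) error {
	resp, err := c.Post(callbackURL, "application/json", strings.NewReader(callbackBody))
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() { // constructed input: the loopback target from the write-up
	fmt.Println(sendTestCallback(newCallbackClient(), "http://127.0.0.1:8090/", "{}"))
}
```

Checking in the dialer's Control hook rather than on the URL string means the decision is made on the IP actually being connected to, which also covers hostnames that resolve to internal addresses.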