CVE-2021-44249

CRITICAL

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection via Login Portal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44249. PoCs published by Chase Comardelle.

AI-analyzed exploit summary: This exploit demonstrates a blind time-based SQL injection vulnerability in Online Motorcycle (Bike) Rental System 1.0, allowing unauthenticated attackers to dump database credentials via time delays.

Description

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can allow attackers to remotely dump MySQL database credentials.

Exploits (1)

exploitdb · WORKING POC
by Chase Comardelle · python · webapps · php
https://www.exploit-db.com/exploits/50429

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Online Motorcycle (Bike) Rental System 1.0
No auth needed
Prerequisites: Target application accessible via HTTP · MySQL database backend
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50429
Exploit, Third Party Advisory x_refsource_misc
https://doctorzorka.github.io/Exploits/exploit-1.html

Scores

CVSS v3 9.8
EPSS 0.0183
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
online_motorcycle_\(bike\)_rental_system_project/online_motorcycle_\(bike\)_rental_system 1.0
Published Jan 28, 2022
Tracked Since Feb 18, 2026