EIP-2026-100397

PRE-CVE

Lootan - 'login.asp' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100397. PoCs published by Arash Setayeshi.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Lootan, where unsanitized user input in the 'username' parameter of login.asp can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.

Description

Lootan - 'login.asp' SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by Arash Setayeshi · textwebappsasp
https://www.exploit-db.com/exploits/32758

The provided text describes an SQL injection vulnerability in Lootan, where unsanitized user input in the 'username' parameter of login.asp can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Lootan (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable login.asp endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026