Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-100397. PoCs published by Arash Setayeshi.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Lootan, where unsanitized user input in the 'username' parameter of login.asp can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.
Description
Lootan - 'login.asp' SQL Injection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Arash Setayeshi · textwebappsasp
https://www.exploit-db.com/exploits/32758
The provided text describes an SQL injection vulnerability in Lootan, where unsanitized user input in the 'username' parameter of login.asp can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.
Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
Lootan (version unspecified)
No auth needed
Prerequisites:
Access to the vulnerable login.asp endpoint
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026