EIP-2026-103258

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103258. PoCs published by David Tomaschik.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in Alerton Webtalk software, where unauthenticated users can access password hashes stored in an SQLite database via a predictable path derived from the configuration file. The script automates the retrieval and parsing of the configuration file and the subsequent extraction of user credentials from the database.

Description

Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by David Tomaschik · pythonwebappslinux

https://www.exploit-db.com/exploits/41950

View Code ZIP pw:eip

This exploit demonstrates an information leakage vulnerability in Alerton Webtalk software, where unauthenticated users can access password hashes stored in an SQLite database via a predictable path derived from the configuration file. The script automates the retrieval and parsing of the configuration file and the subsequent extraction of user credentials from the database.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Alerton Webtalk versions 2.5 and 3.3

No auth needed

Prerequisites: Network access to the target server · Webtalk software exposed to the internet or accessible network

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details