EIP-2026-104826

PRE-CVE

2DayBiz ybiz Freelance Script - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104826. PoCs published by Easy Laster.

AI-analyzed exploit summary This Ruby script exploits a SQL injection vulnerability in the 'searchproject.php' script by injecting a UNION-based query to extract user credentials (ID, username, password, and email) from the 'members' table. The exploit uses HTTP requests to fetch and parse the response.

Description

2DayBiz ybiz Freelance Script - SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Easy Laster · rubywebappsphp

https://www.exploit-db.com/exploits/14075

View Code ZIP pw:eip

This Ruby script exploits a SQL injection vulnerability in the 'searchproject.php' script by injecting a UNION-based query to extract user credentials (ID, username, password, and email) from the 'members' table. The exploit uses HTTP requests to fetch and parse the response.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: 2daybiz Freelance Script (version unspecified)

No auth needed

Prerequisites: Target URL with vulnerable 'searchproject.php' script · User ID to extract credentials for

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026