EIP-2026-105221

This PHP script demonstrates a blind SQL injection vulnerability in ArDown (all versions) by extracting admin credentials character-by-character via time-based inference. It targets the 'ajax_like.php' endpoint with crafted SQL queries to leak username and password data.