EIP-2026-105221

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105221. PoCs published by G-B.

AI-analyzed exploit summary This PHP script demonstrates a blind SQL injection vulnerability in ArDown (all versions) by extracting admin credentials character-by-character via time-based inference. It targets the 'ajax_like.php' endpoint with crafted SQL queries to leak username and password data.

Description

AraDown - Blind SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by G-B · phpwebappsphp

https://www.exploit-db.com/exploits/20344

View Code ZIP pw:eip

This PHP script demonstrates a blind SQL injection vulnerability in ArDown (all versions) by extracting admin credentials character-by-character via time-based inference. It targets the 'ajax_like.php' endpoint with crafted SQL queries to leak username and password data.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ArDown (All Versions)

No auth needed

Prerequisites: Target must be running ArDown with vulnerable 'ajax_like.php' endpoint · Network access to the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

AraDown - Blind SQL Injection

Exploitation Summary

Description

Exploits (1)

Details