EIP-2026-106326
PRE-CVECythosia 2.x Botnet (C2 Web Panel) - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106326. PoCs published by GalaxyAndroid.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Cythosia Botnet's 'socks5.php' file, allowing an attacker to extract MySQL version and user information via crafted POST requests. The vulnerability arises from unsanitized user input in the 'hwid' parameter.
Description
Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GalaxyAndroid · textwebappsphp
https://www.exploit-db.com/exploits/30238
This exploit demonstrates a SQL injection vulnerability in Cythosia Botnet's 'socks5.php' file, allowing an attacker to extract MySQL version and user information via crafted POST requests. The vulnerability arises from unsanitized user input in the 'hwid' parameter.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Cythosia Botnet 2.x
No auth needed
Prerequisites:
Access to the target web application · Network connectivity to the target server
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026