EIP-2026-106474

PRE-CVE

DIY - 'did' Blind SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106474. PoCs published by Mr.SQL.

AI-analyzed exploit summary This Perl script performs a blind SQL injection attack against a vulnerable 'index_topic.php' endpoint by brute-forcing the admin password character-by-character. It uses a time-based or boolean-based approach to extract the MD5 hash of the admin password.

Description

DIY - 'did' Blind SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.SQL · perlwebappsphp

https://www.exploit-db.com/exploits/5816

View Code ZIP pw:eip

This Perl script performs a blind SQL injection attack against a vulnerable 'index_topic.php' endpoint by brute-forcing the admin password character-by-character. It uses a time-based or boolean-based approach to extract the MD5 hash of the admin password.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Unknown web application with 'index_topic.php' endpoint (likely outdated or custom CMS)

No auth needed

Prerequisites: Target with vulnerable 'index_topic.php' endpoint · Network access to the target · Perl environment with LWP::UserAgent

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026