EIP-2026-107253

PRE-CVE

Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107253. PoCs published by shinnai.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated password change vulnerability in Friends in War Make or Break 1.7. By submitting a POST request to the admin password edit endpoint, an attacker can change the admin password without authentication.

Description

Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)

Exploits (1)

exploitdb WORKING POC

by shinnai · htmlwebappsphp

https://www.exploit-db.com/exploits/42383

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated password change vulnerability in Friends in War Make or Break 1.7. By submitting a POST request to the admin password edit endpoint, an attacker can change the admin password without authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Friends in War Make or Break 1.7

No auth needed

Prerequisites: Access to the target application's admin password edit endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026