EIP-2026-111688

PRE-CVE

RCBlog 1.03 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111688. PoCs published by Danny Moules.

AI-analyzed exploit summary This writeup describes an authentication bypass vulnerability in RCBlog 1.03 by exploiting predictable MD5 hash combinations in a cookie. The attacker can craft an 'rcb_id' cookie using known hashes to gain administrative access.

Description

RCBlog 1.03 - Authentication Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by Danny Moules · textwebappsphp

https://www.exploit-db.com/exploits/7830

View Code ZIP pw:eip

This writeup describes an authentication bypass vulnerability in RCBlog 1.03 by exploiting predictable MD5 hash combinations in a cookie. The attacker can craft an 'rcb_id' cookie using known hashes to gain administrative access.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RCBlog 1.03

No auth needed

Prerequisites: Access to the target's password.txt file · Knowledge of the target's PHP_SELF path · Knowledge of the attacker's public IP

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026