EIP-2026-111998

This exploit demonstrates a file inclusion vulnerability in Serendipity 2.4.0, allowing an authenticated attacker to upload an HTML file containing a malicious WebSocket client. The WebSocket connects to an attacker-controlled server, enabling data exfiltration or further exploitation.