EIP-2026-114415

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114415. PoCs published by InATeam.

AI-analyzed exploit summary This PHP script exploits a SQL injection vulnerability in xBtiTracker by injecting a malicious cookie to extract user credentials (id, username, password, email) from the database. It uses a time-based blind SQLi technique with a crafted CONCAT_WS payload to leak data.

Description

xBtiTracker - SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by InATeam · phpwebappsphp

https://www.exploit-db.com/exploits/12140

View Code ZIP pw:eip

This PHP script exploits a SQL injection vulnerability in xBtiTracker by injecting a malicious cookie to extract user credentials (id, username, password, email) from the database. It uses a time-based blind SQLi technique with a crafted CONCAT_WS payload to leak data.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: xbtit v.2.0.0 - revision 559 and older

No auth needed

Prerequisites: Target URL · User ID · Username

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

xBtiTracker - SQL Injection

Exploitation Summary

Description

Exploits (1)

Details