Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-100354. PoCs published by Le Ngoc Son.
AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in HttpCombiner ASP.NET. The vulnerability allows remote attackers to read arbitrary files, such as web.config, by manipulating the 's' parameter in the HttpCombiner.ashx handler.
Description
HttpCombiner ASP.NET - Remote File Disclosure
Exploits (1)
exploitdb
WRITEUP
by Le Ngoc Son · textwebappsasp
https://www.exploit-db.com/exploits/34920
This is a writeup describing an information disclosure vulnerability in HttpCombiner ASP.NET. The vulnerability allows remote attackers to read arbitrary files, such as web.config, by manipulating the 's' parameter in the HttpCombiner.ashx handler.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
HttpCombiner v1.0
No auth needed
Prerequisites:
Target must have HttpCombiner.ashx exposed and accessible
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026