EIP-2026-109526

PRE-CVE

Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109526. PoCs published by Corrado Liotta.

AI-analyzed exploit summary The provided text describes an HTTP response splitting vulnerability in Mobile Mp3 Search Script 2.0, where unsanitized user input in the 'url' parameter of 'dl.php' can be exploited to manipulate HTTP responses. The vulnerability could be used to misrepresent web content or facilitate further attacks.

Description

Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Corrado Liotta · textwebappsphp

https://www.exploit-db.com/exploits/36878

View Code ZIP pw:eip

The provided text describes an HTTP response splitting vulnerability in Mobile Mp3 Search Script 2.0, where unsanitized user input in the 'url' parameter of 'dl.php' can be exploited to manipulate HTTP responses. The vulnerability could be used to misrepresent web content or facilitate further attacks.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Mobile Mp3 Search Script 2.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious URLs

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026