CVE-2002-1427

Easy Homepage Creator 1.0 - Unauthenticated Arbitrary File Write via print_html_to_file

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1427. PoCs published by Arek Suroboyo.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Easy Homepage Creator, allowing an attacker to modify any user's homepage by submitting a crafted POST request to the edit.cgi endpoint without proper authentication.

Description

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arek Suroboyo · htmlwebappscgi

https://www.exploit-db.com/exploits/21658

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Easy Homepage Creator, allowing an attacker to modify any user's homepage by submitting a crafted POST request to the edit.cgi endpoint without proper authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Easy Homepage Creator

No auth needed

Prerequisites: Access to the target's edit.cgi endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9696.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5340

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html

Scores

EPSS 0.0694

EPSS Percentile 93.3%

Details

Status published

Products (2)

easy_scripts_archive/advanced_easy_homepage_creator 1.0

easy_scripts_archive/easy_homepage_creator 1.0

Published Apr 11, 2003

Tracked Since Feb 18, 2026