CVE-2006-1413

Exploitation Summary

EIP tracks 5 public exploits for CVE-2006-1413. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in EZHomePagePro due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.

Exploits (5)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/27470

View Code ZIP pw:eip

The provided text describes multiple XSS vulnerabilities in EZHomePagePro due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: EZHomePagePro

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/27472

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in EZHomePagePro, detailing the vulnerable parameters and attack vectors. It includes example URLs demonstrating how arbitrary script code can be executed in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EZHomePagePro

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/27473

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in EZHomePagePro, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'usid' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EZHomePagePro

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/27471

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in EZHomePagePro, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the 'page' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EZHomePagePro

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/27469

View Code ZIP pw:eip

The provided text describes cross-site scripting (XSS) vulnerabilities in EZHomePagePro, specifically in the `/common/email.asp` endpoint due to improper input sanitization. It includes example URLs demonstrating the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: EZHomePagePro

No auth needed

Prerequisites: Access to the vulnerable endpoint · User interaction to trigger the XSS

MITRE ATT&CK