Exploitation Summary
EIP tracks 4 public exploits for CVE-2006-6204. PoCs published by ajann, laurent gaffie.
AI-analyzed exploit summary
This exploit demonstrates SQL injection and XSS vulnerabilities in Enthrallweb eHomes 1.0. The SQLi allows unauthorized data retrieval via a crafted URL parameter, while the XSS enables arbitrary script execution.
Description
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
Exploits (4)
This exploit demonstrates SQL injection and XSS vulnerabilities in Enthrallweb eHomes 1.0. The SQLi allows unauthorized data retrieval via a crafted URL parameter, while the XSS enables arbitrary script execution.
The provided text describes SQL injection vulnerabilities in the eHomes 'result.asp' page due to improper input sanitization. It includes example URLs demonstrating how an attacker could inject SQL queries via the 'aminprice', 'amaxprice', and 'abedrooms' parameters.
The provided text describes a vulnerability in the eHomes software, specifically SQL injection and XSS issues due to improper input sanitization. It includes a generic example URL for SQL injection but lacks actual exploit code.
The provided text describes SQL injection vulnerabilities in the eHomes compareHomes.asp page due to improper input sanitization. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.