CVE-2006-6205

Enthrallweb eHomes - Cross-Site Scripting via City or State Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6205. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes input-validation vulnerabilities in eHome, including XSS and SQL injection, but does not contain executable exploit code. It outlines potential attack vectors via URL parameters.

Description

Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsasp

https://www.exploit-db.com/exploits/29124

View Code ZIP pw:eip

The provided text describes input-validation vulnerabilities in eHome, including XSS and SQL injection, but does not contain executable exploit code. It outlines potential attack vectors via URL parameters.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: eHome (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK