CVE-2005-0929

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0929. PoCs published by CoBRa_21, Diabolic Crab.

AI-analyzed exploit summary This is a writeup describing SQL injection vulnerabilities in PhotoPost PHP 4.6.5 via the 'ecard' and 'photo' parameters. It provides example URLs but no functional exploit code.

Description

SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by CoBRa_21 · textwebappsphp

https://www.exploit-db.com/exploits/14453

View Code ZIP pw:eip

This is a writeup describing SQL injection vulnerabilities in PhotoPost PHP 4.6.5 via the 'ecard' and 'photo' parameters. It provides example URLs but no functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PhotoPost PHP 4.6.5

No auth needed

Prerequisites: access to the vulnerable PhotoPost PHP application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25312

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in PhotoPost Pro, including XSS and SQL injection flaws. It outlines affected scripts and potential attack vectors but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: PhotoPost Pro (version not specified)

No auth needed

Prerequisites: Access to vulnerable PhotoPost Pro instance

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25311

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in PhotoPost Pro, including XSS and SQL injection flaws. It outlines affected scripts and attack vectors but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: PhotoPost Pro (version not specified)

No auth needed

Prerequisites: Access to vulnerable PhotoPost Pro instance

MITRE ATT&CK