CVE-2006-5057

ktools.net PhotoStore - Cross-Site Scripting via gid or photogid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-5057. PoCs published by meto5757.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Photostore, where insufficient input sanitization allows arbitrary script execution in a user's browser context. The example URL demonstrates the vulnerability but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by meto5757 · textwebappsphp
https://www.exploit-db.com/exploits/28663

The provided text describes a cross-site scripting (XSS) vulnerability in Photostore, where insufficient input sanitization allows arbitrary script execution in a user's browser context. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Photostore (version not specified)
No auth needed
Prerequisites: Access to a vulnerable Photostore instance · User interaction to trigger the XSS payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by meto5757 · textwebappsphp
https://www.exploit-db.com/exploits/28662

The provided text describes a cross-site scripting (XSS) vulnerability in Photostore, where insufficient input sanitization allows arbitrary script execution in a user's browser context. The example URL demonstrates the vulnerability in the 'gid' parameter of the 'details.php' page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Photostore (version not specified)
No auth needed
Prerequisites: Access to a vulnerable Photostore instance · Ability to craft a malicious URL with XSS payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1640
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22122
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20172
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3781
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/446909/100/0/threaded

Scores

EPSS 0.0202
EPSS Percentile 78.4%

Details

Status published
Products (1)
ktools.net/photostore
Published Sep 28, 2006
Tracked Since Feb 18, 2026