Dream Vision Technologies SQL Injection Vulnerability

vendor:

Dream Vision Technologies Web Application

by:

eXeSoul

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Dream Vision Technologies Web Application

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Dream Vision Technologies SQL Injection Vulnerability

The vulnerability exists in the Dream Vision Technologies Pvt Ltd web application. An attacker can exploit the vulnerability by sending malicious SQL queries to the vulnerable parameter in the URL. For example, http://site.com/product.php?sid=[SQLI] or http://site.com/detail.php?id=[SQLI]

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

#####################################################################################
# Title : Dream Vision Technologies SQL Injection Vulnerability
#
# Author: eXeSoul
#
# Home  : 1337day.com or www.indishell.in /www.andhrahackers.com
#
# Email : exe.soul@live.com
#
# date  : 6/04/2011
#
# d0rk:-  Developed and Managed by Dream Vision Technologies Pvt Ltd
#		       
# category  : Web Apps [SQli]
#       
####################################################################################
####################################################################################
#
#
#
#    Go To Site :-
#
#   
#  
#    *SQL injection Vulnerability*
#
#
#
#      [+][php]
#
#      [*]http://site.com/product.php?sid=17'
#      [*]http://site.com/product.php?sid=[SQLI]	
#
#      [*]http://site.com/detail.php?id=7'
#      [*]http://site.com/detail.php?id=[SQLI]
#
#      find any file like .php?id or sid whatever , mostly all are vul..... to sqli.!
#
#     => PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam
#
#     => c0d3 for motherland, h4ck for motherland
#
#
#   
#    [#] DOne now time to rock \m/
#
#   
#
####################################################################
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX,
G00g!3 W@rr!0r, Nazz ,r45c4l, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor , Bon3 ,
Badboy-Albinia, Mr.SK , I-H Guru,X__HMG, AK-47, [ICW] [Andhra Hackers], Ethical N00b,Maxy,Brueni,
[Indishell crew], r0073r.!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
############################################
#
#  I'm eXeSoul  member from Inj3ct0r Team
#
############################################
####################################################################
#
#  Bug discovered : 3 April 2011
####################################################################
#
# Jay Mahadev.!!  Jay shree Ram.!! jay Shree krishna.!! Jay hind.!!
#
####################################################################
#
#
# 1337day.com [2011-04-06]
####################################################################