Dreamhosters Hacked.

Publicated on : 1181000385
It seems dreamhost users are under attack. A blog reported about it today and there seems to be a ton of commotion going on in the dreamhost support forums. Well what can I say? Another broken dream. Oh, and it took me 5 seconds to find a XSS hole in their customer login panel screen. But who cares, they only got 500.000 domains hosted. 2 XSS vulnerabilities and 1 SQL injection:

User panel:
Click to launch

Knowledge base:
Click to launch

SQL injection point found while drinking my coffee just now:
Click to launch

Next please!