[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery

From: Andreas Constantinides (aconstantinides_at_OdysseyConsultants.com)
Date: 04/11/05

Next message: Andrew: "[VulnWatch] Microsoft Windows image rendering DoS vuln"

Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 11 Apr 2005 08:24:41 +0300
To: <bugtraq@securityfocus.com>

Description:
zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+module for MamboCMS and is in use by many sites of the internet.

        I discover a simple SQL Injection in it.

Affected Versions:
      zOOm Image Gallery 2.1.2, *

POC:
      It is possible to proof my concept using the original site of zOOM:
              http://zoom.ummagumma.nl/mikedeboer/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1
        the above url can show all images in all categories of images of the zOOM gallery database but other commands are also possible that can result in a database owning.

Andreas Constantinides
www.megahz.org
www.odysseyconsultants.com

Next message: Andrew: "[VulnWatch] Microsoft Windows image rendering DoS vuln"

Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]