[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery

From: Andreas Constantinides (aconstantinides@private)
Date: Sun Apr 10 2005 - 22:24:41 PDT

Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Description:
	zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql 	component+module for 	MamboCMS and is in use by many sites of the internet.

	I discover a simple SQL Injection in it.
 
Affected Versions:
      zOOm Image Gallery 2.1.2, *
 
POC:
      It is possible to proof my concept using the original site of zOOM:
      	http://zoom.ummagumma.nl/mikedeboer/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1   
	the above url can show all images in all categories of images of the 	zOOM 	gallery database but other commands are also possible that can 	result in a	database owning.
 

Andreas Constantinides
www.megahz.org 
www.odysseyconsultants.com

Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Apr 11 2005 - 08:10:52 PDT