<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnwatch: zOOM Media Gallery - Simple SQL Injection discovery

zOOM Media Gallery - Simple SQL Injection discovery

From: Andreas Constantinides <aconstantinides_at_OdysseyConsultants.com>
Date: Mon, 11 Apr 2005 08:24:41 +0300

Description:
zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+module for MamboCMS and is in use by many sites of the internet.

        I discover a simple SQL Injection in it.

Affected Versions:
      zOOm Image Gallery 2.1.2, *

POC:
      It is possible to proof my concept using the original site of zOOM:
              http://zoom.ummagumma.nl/mikedeboer/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1
        the above url can show all images in all categories of images of the zOOM gallery database but other commands are also possible that can result in a database owning.

Andreas Constantinides
www.megahz.org
www.odysseyconsultants.com
Received on Apr 11 2005

This message: [ Message body ]
Next message: Andrew: "Microsoft Windows image rendering DoS vuln"
Previous message: NGSSoftware Insight Security Research: "Sybase ASE Multiple Security Issues (#NISR05042005)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos