Subject: zOOM Media Gallery - Simple SQL Injection discovery
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Wed, 13 Apr 2005 08:02:12 +0300
Message-ID: <C9D9636D25E0C34991E792F51CAB84E93861FD@ithaki.odysseyconsultants.com.>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: zOOM Media Gallery - Simple SQL Injection discovery
Thread-Index: AcU8B5RoCQeknGUhTLSNVj1gH+jnvQCTeJqgAABLZ+AAY+xrUA==
From: "Andreas Constantinides" <aconstantinides@OdysseyConsultants.com.>
To: <bugtraq@securityfocus.com.>
X-ESAFE-STATUS:Mail clean
X-ESAFE-DETAILS: Clean
X-Virus-Scanned: antivirus-gw at tyumen.ru
Description:
zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+mo=
dule for MamboCMS and is in use by many sites of the internet.
I discover a simple SQL Injection in it.
=A0
Affected Versions:
zOOm Image Gallery 2.1.2, *
=A0
POC:
It is possible to proof my concept using the original site of zOOM:
http://www.example.com/index.php?option=3Dcom_zoom&Itemid=3D39&cat=
id=3D2+OR+1=3D1 =20
the above url can show all images in all categories of images of the zO=
OM gallery database but other commands are also possible that can resul=
t in a database owning.
=A0
Andreas Constantinides
www.megahz.org=20
www.odysseyconsultants.com
