BugTraq
zOOM Media Gallery - Simple SQL Injection discovery Apr 13 2005 05:02AM
Andreas Constantinides (aconstantinides OdysseyConsultants com)


Description:
zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+module for MamboCMS and is in use by many sites of the internet.

I discover a simple SQL Injection in it.
 
Affected Versions:
zOOm Image Gallery 2.1.2, *
 
POC:
It is possible to proof my concept using the original site of zOOM:
http://www.example.com/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=
1
the above url can show all images in all categories of images of the zOOM gallery database but other commands are also possible that can result in a database owning.
 

Andreas Constantinides
www.megahz.org
www.odysseyconsultants.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus