zOOM Media Gallery - Simple SQL Injection discovery

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: zOOM Media Gallery - Simple SQL Injection discovery
From: "Andreas Constantinides" <aconstantinides@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Apr 2005 08:02:12 +0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcU8B5RoCQeknGUhTLSNVj1gH+jnvQCTeJqgAABLZ+AAY+xrUA==
Thread-topic: zOOM Media Gallery - Simple SQL Injection discovery


Description:
        zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql      
component+module for    MamboCMS and is in use by many sites of the internet.

        I discover a simple SQL Injection in it.
 
Affected Versions:
      zOOm Image Gallery 2.1.2, *
 
POC:
      It is possible to proof my concept using the original site of zOOM:
        
http://www.example.com/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1   
        the above url can show all images in all categories of images of the    
zOOM    gallery database but other commands are also possible that can  result 
in a     database owning.
 

Andreas Constantinides
www.megahz.org 
www.odysseyconsultants.com

Prev by Date: 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal'
Next by Date: Patch available for critical Veritas i3 Server vulnerability
Previous by thread: 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal'
Next by thread: Patch available for critical Veritas i3 Server vulnerability
Index(es):
- Date
- Thread