Network Security: Detailed info on [VulnWatch] zOOM Media Gallery

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security VulnWatch

Subject:	[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery
Date:	Mon, 11 Apr 2005 08:24:41 +0300

Subject:

[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery

Date:

Mon, 11 Apr 2005 08:24:41 +0300

Description: zOOm Media Gallery (http://zoom.ummagumma.nl) is a php/sql component+module for MamboCMS and is in use by many sites of the internet. I discover a simple SQL Injection in it. Affected Versions: zOOm Image Gallery 2.1.2, * POC: It is possible to proof my concept using the original site of zOOM: http://zoom.ummagumma.nl/mikedeboer/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1 the above url can show all images in all categories of images of the zOOM gallery database but other commands are also possible that can result in a database owning. Andreas Constantinides www.megahz.org www.odysseyconsultants.com

<Prev in Thread]	Current Thread	[Next in Thread>
[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery, Andreas Constantinides <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, iDEFENSE Labs
Next by Date:	iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow, iDEFENSE Labs
Previous by Thread:	iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, iDEFENSE Labs
Next by Thread:	iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow, iDEFENSE Labs
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, iDEFENSE Labs

Next by Date:

iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow, iDEFENSE Labs

Previous by Thread:

iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, iDEFENSE Labs

Next by Thread:

iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow, iDEFENSE Labs

Indexes:

[Date] [Thread] [Top] [All Lists]