Database Manager Default pass
Tunis the 31/jan/2006
bug found by Fireboy
fireboynet@xxxxxxxxxxxx
Product affected:DBMan for Windows and Unix
Product vendor: http://www.gossamer-threads.com
the problem with DBman is default passwords
these are default pass :
admin/admin,author/author,guest/guest
if the admin not change the pass , anyone can access the db and make
changes/delete information.
the script of dbman is db.cgi and from that script , malicious action can be
done.
fix:
change default passwords
exploit:
google:"Database Manager Demo:"
that's all
thanks