<<< Date Index >>>     <<< Thread Index >>>

Database Manager Default pass



Tunis the 31/jan/2006
bug found by Fireboy
fireboynet@xxxxxxxxxxxx

Product affected:DBMan for Windows and Unix  
Product vendor: http://www.gossamer-threads.com

the problem with DBman is default passwords

these are default pass :

admin/admin,author/author,guest/guest

if the admin not change the pass , anyone can access the db and make 
changes/delete information.

the script of dbman is db.cgi and from that script , malicious action can be 
done.

fix:
change default passwords

exploit:
google:"Database Manager Demo:"

that's all
thanks