Database Manager Default pass

Tunis the 31/jan/2006
bug found by Fireboy
[email protected]

Product affected:DBMan for Windows and Unix
Product vendor: http://www.gossamer-threads.com

the problem with DBman is default passwords

these are default pass :

admin/admin,author/author,guest/guest

if the admin not change the pass , anyone can access the db and make changes/delete information.

the script of dbman is db.cgi and from that script , malicious action can be done.

fix:
change default passwords

exploit:
google:"Database Manager Demo:"

that's all
thanks