Auth Bypass in ADOdb CVE-2021-3850
I first decided to look at phpPgAdmin after reading this blog post that someone wrote up about abusing it to get a bug bounty. After reading through the source I discovered a bug in the library it was using to interact with Postgres.
When a user logs in the username and password is filtered by this function: function adodb_addslashes($s) { $len = strlen($s); if ($len == 0) return "''"; if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted return "'".
2022-01-26