Skip to main content

Sorcery Blog

Tag: phppgadmin

Auth Bypass in ADOdb CVE-2021-3850

I first decided to look at phpPgAdmin after reading this blog post that someone wrote up about abusing it to get a bug bounty. After reading through the source I discovered a bug in the library it was using to interact with Postgres. When a user logs in the username and password is filtered by this function: function adodb_addslashes($s) { $len = strlen($s); if ($len == 0) return "''"; if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted return "'".