Using a modified version of phpBB, Ars Technica's Peter Bright shows how to inject a SQL query to access the admin without a password.
