Adrian wrote:
Hi,
I've noticed that SQL Injection is possible when using a SQL Query for
SMTP AUTH.
By having
server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM users
WHERE username='$2'}}}{yes}{no}}
in the authenticator it was possible for me to execute a bad SQL query
Adrian wrote:
> By having
> server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM
> users WHERE username='$2'}}}{yes}{no}}
> in the authenticator it was possible for me to execute a bad SQL query
> by sending this username:
> test'; INSERT INTO valid_email_addresses VALUES ('a