Adrian wrote:
Hi,
I've noticed that SQL Injection is possible when using a SQL Query for
SMTP AUTH.
By having
server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM users
WHERE username='$2'}}}{yes}{no}}
in the authenticator it was possible for me to execute a bad SQL query
by sending this username:
test'; INSERT INTO valid_email_addresses VALUES ('adrian', '[EMAIL
PROTECTED]'); SELECT '
Is there a way to prevent this except by disabling write access for
this database user (which is certainly not a way to circumvent sql
injection problems)? Maybe there exists a function to escape the
arguments before they are inserted in the query?

Grant only SELECT access to the user accessing the database. Also make
use of ${quote_pgsql...
http://www.exim.org/exim-html-4.60/doc/html/spec.html/ch09.html#id2546243
Warren
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
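
The quoting suggested in the reply, applied to the authenticator from the question. This is an added example, not part of the original thread: the authenticator name `plain_pgsql` and the surrounding PLAIN driver options are assumptions, and only the `server_condition` lookup comes from the post.

```conf
# Assumes pgsql_servers is already set in the main configuration section and
# that the database role it names has been granted SELECT only, as the reply
# recommends.

begin authenticators

# Hypothetical authenticator name; with the PLAIN mechanism $2 is the
# login name and $3 is the password supplied by the client.
plain_pgsql:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :

  # Before (as posted): $2 is placed inside the SQL string literal unquoted,
  # so a quote character in the login name ends the literal early.
  #   server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM users WHERE username='$2'}}}{yes}{no}}

  # After: ${quote_pgsql:...} escapes the client-supplied value before it
  # is inserted, so the whole login name stays inside the literal.
  server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM users \
                       WHERE username='${quote_pgsql:$2}'}}}{yes}{no}}

  server_set_id = $2
```

The same operator applies to every client-controlled variable that ends up inside a `pgsql` lookup string, not only the login name in this authenticator.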