my domain is:
',); DROP mails;--

Sanitise your inputs

---
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

On Mon, Jun 1, 2015 at 6:16 PM, Okupandolared <[email protected]> wrote:

> Really you could use php to insert into mysql,
>
> but as I need to run ejabberdctl and smtpdctl.
>
> I thought it would do everything from bash
>
> I have no idea how it could call smtpctl from php, maybe you go look at
> python.
>
> On 06/01/15 10:09, Gareth Nelson wrote:
> > Why on earth are you using the shell to insert into MySQL?
> >
> > I would redesign this whole setup under the guidance of someone more
> > experienced to be honest, there's MANY mistakes you're making here, and
> > thus likely other mistakes
> >
> > ---
> > “Lanie, I’m going to print more printers. Lots more printers. One for
> > everyone. That’s worth going to jail for. That’s worth anything.” -
> > Printcrime by Cory Doctrow
> >
> > Please avoid sending me Word or PowerPoint attachments.
> > See http://www.gnu.org/philosophy/no-word-attachments.html
> >
> > On Mon, Jun 1, 2015 at 4:05 PM, Jiri B <[email protected]> wrote:
> >
> >> On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
> >>> Hi,
> >>>
> >>> I have a web form.
> >>>
> >>> I need to send the web form to a bash script
> >>>
> >>> webform.html --> PHP process --> create.sh
> >>>
> >>> create.sh
> >>> #!/bin/ksh
> >>> # Create user
> >>>
> >>> echo "hi!! your pass $1"
> >>> crypted="$(echo -n "$1" | smtpctl encrypt )"
> >>> maildir="$3/$2/"
> >>> echo -e "$2@$3" >> recipients
> >>> echo -e "$2@$3\t$crypted" >> credentials
> >>> echo "ejabberdctl register $2 $3 $1"
> >>> echo "INSERT INTO mails (userid, domain, password, maildir) VALUES
> >>> ('$2', '$3','$crypted', '$maildir');" | mysql -umyuser -mypass mail;
> >>
> >> Hoho, it won't run in chroot, smtpd doesn't have a socket
> >> in chroot, same for ejabberdctl.
> >>
> >> You need to have some lightweight communication
> >> "protocol" between chroot and an app outside which would
> >> sanitize input and do the work.
> >>
> >> j.
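
The input sanitising this thread asks for, sketched as an added example that is not part of any poster's message: each value create.sh receives is checked against an allowlist before it can reach the SQL string or the maildir path. The function names, the length limits and the assumption that the encrypted password is a crypt(3)-style string are hypothetical, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: allowlist checks for the values create.sh takes from the form.
# Function names are hypothetical; sample inputs below are constructed.
LC_ALL=C; export LC_ALL   # make a-z / A-Z ranges mean ASCII only

# userid: 1-32 chars of [a-z0-9._-], no leading '.' or '-', no trailing '.', no '..'
valid_user() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        *[!a-z0-9._-]*) return 1 ;;   # quote, space, slash, ';' all land here
        .*|-*|*.|*..*)  return 1 ;;   # keeps "$domain/$user/" inside the mail root
    esac
    return 0
}

# domain: dot-separated labels of [a-z0-9-], at least one dot, max 253 chars
valid_domain() {
    [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
    case $1 in
        *[!a-z0-9.-]*)              return 1 ;;
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*)                        return 0 ;;
    esac
    return 1
}

# Assumption: the encrypted password is a crypt(3)-style string.
valid_crypted() {
    [ -n "$1" ] || return 1
    case $1 in *[!A-Za-z0-9./\$]*) return 1 ;; esac
    return 0
}

# Print the INSERT only when every field passed; otherwise print nothing, return 1.
build_insert() {
    valid_user "$1" && valid_domain "$2" && valid_crypted "$3" || return 1
    printf "INSERT INTO mails (userid, domain, password, maildir) VALUES ('%s', '%s', '%s', '%s/%s/');\n" \
        "$1" "$2" "$3" "$2" "$1"
}

# Constructed inputs: one ordinary domain and the one from the reply above.
for d in "example.org" "',); DROP mails;--"; do
    if build_insert alice "$d" '$2b$10$abcDEF./123'; then :; else
        printf 'rejected domain: %s\n' "$d" >&2
    fi
done
```

Because the allowlists exclude quotes, whitespace, slashes and semicolons, a rejected value never becomes part of the statement or the path; the caller should stop at the first non-zero return rather than try to repair the input.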
