ejabberd - Comments for "Authenticate Against MySQL with Python"
https://www.ejabberd.im/ejabberd-auth-mysql

Thanks for reporting. Fixed.
badlop, Wed, 23 Dec 2015 18:01:31 +0000
https://www.ejabberd.im/ejabberd-auth-mysql#comment-66464

Thanks for reporting. Fixed.

SQL injection
cdauth, Sat, 19 Dec 2015 23:58:06 +0000
https://www.ejabberd.im/ejabberd-auth-mysql#comment-66459

The script has an SQL injection vulnerability.

Fix it by replacing line 75 with the following:

    dbcur.execute("SELECT %s,%s FROM %s WHERE %s = %%s" % (db_username_field, db_password_field, db_table, db_username_field), (in_user,))

Also, be aware that this script only works with Python 2.