Authenticate Against MySQL with Python

Name: ejabberd-auth-mysql
Author: Cdauth
Requirements: Python 2
Download: ejabberd-auth-mysql github page
Older version:
Name: check_mysql_python
Author: Iltl
Requirements: Python 2
Download: check_mysql_python.txt

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

SQL injection

The script has an SQL injection vulnerability.

Fix it by replacing line 75 with the following:
dbcur.execute("SELECT %s,%s FROM %s WHERE %s = %%s"%(db_username_field, db_password_field, db_table, db_username_field), (in_user))

Also, be aware that this script only works with Python 2.

Thanks for reporting. Fixed.

Thanks for reporting. Fixed.

Syndicate content