ejabberd

Looking for ejabberd docs?

To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »

Authenticate Against MySQL with Python

Submitted by mazeout on Mon, 2009-07-27 15:26

Name: ejabberd-auth-mysql

Author: Cdauth

Requirements: Python 2

Download: ejabberd-auth-mysql github page

Older version:

Name: check_mysql_python

Author: Iltl

Requirements: Python 2

Download: check_mysql_python.txt

SQL injection

Submitted by cdauth on Sat, 2015-12-19 23:58.

The script has an SQL injection vulnerability.

Fix it by replacing line 75 with the following:
dbcur.execute("SELECT %s,%s FROM %s WHERE %s = %%s"%(db_username_field, db_password_field, db_table, db_username_field), (in_user))

Also, be aware that this script only works with Python 2.

Thanks for reporting. Fixed.

Submitted by badlop on Wed, 2015-12-23 18:01.

Thanks for reporting. Fixed.

Looking for ejabberd docs?

Authenticate Against MySQL with Python

Comment viewing options

SQL injection

Thanks for reporting. Fixed.

User login

Navigation

Name:	ejabberd-auth-mysql
Author:	Cdauth
Requirements:	Python 2
Download:	ejabberd-auth-mysql github page

Name:	check_mysql_python
Author:	Iltl
Requirements:	Python 2
Download:	check_mysql_python.txt