16 Sep
2021
16 Sep
'21
4:32 p.m.
On 16/09/2021 16:23, Alan DeKok wrote:
On Sep 16, 2021, at 2:57 PM, Antônio Modesto <modesto@hubsoft.com.br> wrote:
The unescape didn't solve the problem. I had to add ";" and "=" to the safe_characters variable to solve it for now. People can now do SQL injection attacks, and break into your SQL server.
Please don't do that.
Alan DeKok. From our application I don't think that it is possible. Only if the attacker pretended to be a known NAS server. Do you have any other suggestion?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html