Problem when trying to store NAS-Port-ID into radpostauth table

Alan DeKok aland at deployingradius.com
Fri Sep 17 15:51:41 CEST 2021


On Sep 17, 2021, at 9:14 AM, Antônio Modesto <modesto at hubsoft.com.br> wrote:
> That's really a problem. I did some tests and I don't think it is possible to do SQL injection without allowing a single quote in safe_characters. Am I missing something?

  Backslashes?  Various other things?  You'll have to investigate your particular database in detail to see what's possible.

  We've listed what we know is safe.  Anything else is potentially dangerous.

  Alan DeKok.
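
The allow-list reasoning in this reply, as an added sketch that is not part of the original message and not FreeRADIUS code: characters on the list pass through, every other byte is encoded, and a quote-only deny-list is shown beside it for contrast. The character list, the `=XX` encoding, the function names and the sample values are assumptions made for the illustration.

```python
# Added illustration, not FreeRADIUS source code.
# Assumption: SAFE models an allow-list such as a safe_characters setting.
SAFE = ("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789.-_: /")


def escape_allowlist(value: str, safe: str = SAFE) -> str:
    """Pass listed characters through; encode every other byte as =XX."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte < 0x80 and ch in safe else "=%02X" % byte)
    return "".join(out)


def unescape_allowlist(value: str) -> str:
    """Reverse escape_allowlist; '=' is never in SAFE, so =XX is unambiguous."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "=":
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def escape_quotes_only(value: str) -> str:
    """Deny-list contrast: doubles single quotes and nothing else."""
    return value.replace("'", "''")


def encoded_chars(value: str, safe: str = SAFE) -> list:
    """Characters the allow-list would encode, in order, deduplicated."""
    seen = []
    for ch in value:
        if ch not in safe and ch not in seen:
            seen.append(ch)
    return seen


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ("slot=1;port=2;vlan=100", "a'b\\c"):
        print(repr(sample), "->", escape_allowlist(sample),
              "| quotes-only:", escape_quotes_only(sample))
```

The quote-only variant returns the backslash unchanged, which is the kind of character the reply says has to be checked against the specific database; the allow-list encodes it without needing to know that.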



