Problem when trying to store NAS-Port-ID into radpostauth table
aland at deployingradius.com
Fri Sep 17 15:51:41 CEST 2021
On Sep 17, 2021, at 9:14 AM, Antônio Modesto <modesto at hubsoft.com.br> wrote:
> That's really a problem. I did some tests and I don't think it is possible to do sql injection without allowing a single quote in safe_characters. Am I missing something?
Backslashes? Various other things? You'll have to investigate your particular database in detail to see what's possible.
We've listed what we know is safe. Anything else is potentially dangerous.
More information about the Freeradius-Users