New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please fix this SQL INJECTION CRITICAL ISSUE #2636
Comments
Comment by @alecpl on 21 Jan 2010 07:49 UTC And where is the issue? Are you using any plugins for login? |
Status changed by @alecpl on 21 Jan 2010 07:49 UTC new => closed |
Comment by AmilaDG on 21 Jan 2010 08:03 UTC Replying to alec:
|
Comment by @alecpl on 21 Jan 2010 08:06 UTC I'm unable to reproduce using svn-trunk version nor with some old pre 0.3. I have always "Login faild". So, we need more info about your environment/config. |
Comment by @alecpl on 21 Jan 2010 08:17 UTC Password is not used in any SQL query. You can see this when you enable sql_debug option. |
Comment by @alecpl on 21 Jan 2010 08:25 UTC Please enable imap_debug and attach logs/imap file here. We'll see what returns your IMAP server on login. I leave this ticket closed, because it's not an issue. |
Reported by AmilaDG on 21 Jan 2010 05:59 UTC as Trac ticket #1486444
Once i type my user name and type my password to login it is ok. done. with no errors. But the problem starting while i trying to MYSQL INJECTION. I type my user name and i type my password as[or 1=1;--**[BR]
it shows this[good thing IMAP server reject it. But Please Note This Is Really Critical Issue. Please Fix It.[BR]AmilaDG (Webmaster www.talk.lk)
Migrated-From: http://trac.roundcube.net/ticket/1486444
The text was updated successfully, but these errors were encountered: