https://bugs.exim.org/show_bug.cgi?id=3066
--- Comment #8 from David Saez <david@???> ---
I found that the only way to reproduce it is to have the password hardcoded oin
the lookup:
warn condition = ${lookup mysql{servers=server/database/user/password;
INSERT INTO abuseols.emails \
(mid,fecha,ip,email) VALUES ( \
'${quote_mysql:$message_exim_id-$pid@$primary_hostname}', \
NOW(), \
'${quote_mysql:$sender_host_address}', \
'${sender_address}')} \
{yes}{no}}
10:04:35 31247 ╭considering: ${lookup
mysql{servers=server/database/user/password; INSERT INTO abuseols.emails
(mid,fecha,ip,email) VALUES (
'${quote_mysql:$message_exim_id-$pid@$primary_hostname}', NOW(),
'${quote_mysql:$sender_host_address}', '${sender_address}')} {yes}{no}}
...
10:04:35 31247 ╰─────result: servers=server/database/user/password; INSERT
INTO abuseols.emails (mid,fecha,ip,email) VALUES (
'1rPfN5-0000000087z-0JzV-31247@???', NOW(), '127.0.0.1',
'cottonsgardens@???')
10:04:35 31247 ╰──(tainted)
...
10:04:35 31247 (tainted)
10:04:35 31247 LOG: MAIN PANIC
10:04:35 31247 tainted search query is not properly quoted (ACL warn,
/usr/local/exim/exim.acl 1647): servers=server/database/user/password; INSERT
INTO abuseols.emails (mid,fecha,ip,email) VALUES (
'1rPfN5-0000000087z-0JzV-31247@???', NOW(), '127.0.0.1',
'cottonsgardens@???')
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/