SECURITY: Improper escaping in factoid code
Status: Beta
Brought to you by:
ddipaolo
On the console:
<funroll-loops/bogometer>(privmsg) bogometer: chad's
address is also email:*@chad.org
chad's address
There was an error with the database when executing
select count(factoid_key) from factoids where
lower(factoid_key) = 'chad's address'
Exception occurred: ERROR: parser: parse error at or
near "s"
This is probably an exploitable bug that would allow
anyone to do anything at all in the database.
> foo'; drop table .... is buggy
moobot 0.6.1-1