1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BIG BUG in deleting accounts

Discussion in 'General Discussion' started by heavypredator, Feb 2, 2006.

  1. heavypredator

    heavypredator Member

    Joined:
    May 2, 2003
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    8
    i discovered today that /scripts/killacct has this code:

    Code:
    else {
        my $mysql = cPScript::Mysql->new;
        $mysql->sendmysql("DELETE FROM user WHERE user='$user';");
        $mysql->sendmysql("DELETE FROM user WHERE user LIKE '${user}_%';");
        $mysql->sendmysql("DELETE FROM db WHERE user='$user';");
        $mysql->sendmysql("DELETE FROM db WHERE user LIKE '${user}_%';");
        $mysql->sendmysql("DELETE FROM tables_priv WHERE user='$user';");
        $mysql->sendmysql("DELETE FROM tables_priv WHERE user LIKE '${user}_%';");
        $mysql->sendmysql("DELETE FROM columns_priv WHERE user='$user';");
        $mysql->sendmysql("DELETE FROM columns_priv WHERE user LIKE '${user}_%';");
        $mysql->sendmysql("FLUSH PRIVILEGES;");
        exit();
    }
    thanks to this when deleting account "rage", it deleted all mysql users in accounts rage2, rage3, rage4, rage5

    i understand why it is deleting like this but there should be warning - DO NOT CREATE(or delete :D) ACCOUNTS WITH THE SAME USERNAME<number>

    that took me little over hour to track why suddently my mysql users were gone - not cool i started to think HACKED - checked all apache logs first :/

    can someone from cpanel think of better way to delete db?
     
  2. h2oski

    h2oski Member

    Joined:
    Dec 12, 2001
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    looks like they just need to escape the _
    In the query above it is being interpreted as a single character wildcard, but I assume cpanel wants it to be interpreted as a literal underscore
     
  3. hostmedic

    hostmedic Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    i was going to add to bugtrack - - but

    I was going to add this to bugtrack - looked to see if you did and did not see it - but a worth while suggestion.

    thanks for the FYI
    have a few clients that resell doing this method
    OUCH
     
  4. heavypredator

    heavypredator Member

    Joined:
    May 2, 2003
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    8
    added Bugzilla Bug 3859

    and no problem - it is good to leave info for someone looking for help - it saves people time
     
    #4 heavypredator, Feb 3, 2006
    Last edited: Feb 3, 2006

Share This Page