Linux-Server-Management-Too…/.sysref.beta
Developer 16f222fc0e CRITICAL FIXES: Security vulnerabilities in reference-db.sh and common-functions.sh
SECURITY FIXES:
1. SQL Injection (reference-db.sh:183)
   - Escape database names with backticks in WHERE clause
   - Changed: WHERE table_schema='' → WHERE table_schema=``
   - Prevents malicious database names from breaking SQL queries

2. Password Exposure (reference-db.sh:166)
   - Stop passing password on command line (visible in ps aux)
   - Changed: mysql -uadmin -p${plesk_mysql_pass} → MYSQL_PWD env var
   - Passwords no longer exposed in process listings
   - Added unset MYSQL_PWD at end of function for cleanup

3. Race Condition in Temp Files (common-functions.sh:173)
   - Replace mkdir -p with mktemp -d for secure temp directory creation
   - Changed: mkdir -p "$TEMP_SESSION_DIR" → mktemp -d -t server-toolkit.XXXXXX
   - Prevents race condition attacks on predictable paths

Testing: All changes validated for syntax and behavior
2026-03-19 20:44:58 -04:00

36 lines
1.3 KiB
Plaintext

# System Reference Database
# Generated: Thu Mar 19 08:28:56 PM EDT 2026
# Format: Type|Field1|Field2|...
[SYSTEM]
SYS|CONTROL_PANEL|cpanel|11.134.0.10
SYS|OS|almalinux|9.7
SYS|WEB_SERVER|apache|2.4.66
SYS|DATABASE|mariadb|10.6.25
SYS|LOG_DIR|/var/log/apache2/domlogs|
SYS|USER_HOME|/home|
SYS|CPU_CORES|2|
SYS|HOSTNAME|cloudvpstemplate.host.pickledperil.com|
SYS|PHP_VERSION|8.0.30|
SYS|PHP_VERSION|8.1.34|
SYS|PHP_VERSION|8.2.30|
[USERS]
USER|pickledperil|pickledperil.com|1|1|134|/home/pickledperil
[DATABASES]
DB|pickledperil_wp_wt6lz|pickledperil
unknown|pickledperil.com|0.78|12
[DOMAINS]
DOMAIN|pickledperil.com|pickledperil|/home/pickledperil/public_html|/etc/apache2/logs/domlogs/pickledperil.com|ea-php81|yes|primary|www.pickledperil.com|500|500|500_ERROR
DOMAIN|www.pickledperil.com|pickledperil|/home/pickledperil/public_html|/etc/apache2/logs/domlogs/pickledperil.com|ea-php81|no|alias|pickledperil.com|500|500|alias_of_500_ERROR
DOMAIN|67-227-141-132.cprapid.com|unknown||/var/log/apache2/domlogs/67-227-141-132.cprapid.com||unknown|local||timeout|timeout|TIMEOUT
DOMAIN|cloudvpstemplate.host.pickledperil.com|unknown||/var/log/apache2/domlogs/cloudvpstemplate.host.pickledperil.com||unknown|local||200|200|200_OK
[WORDPRESS]
WP|pickledperil.com|pickledperil|/home/pickledperil/public_html|pickledperil_wp_wt6lz|pickledperil_wp_7vcwf|6.9.1|2|3
[LOGS]