digininja/DVWA

Access denied for created user to access DVWA in MariaDB after clicking on CREATE / RESET database in setup.php main page

ShadowNinja89 opened this issue · 3 comments

Before you raise a bug, please make sure you have fully read the README, especially if your bug relates to configuring the database.

Issues will be closed if the answer is in the README and no obvious attempts have been made to follow it.

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.

Describe the bug

I am receiving a PHP error saying access is denied for the db_user account ID I set up in config.inc.php, 'kali'@'localhost'. The error in my Apache2 error log specifically points to line 13 of mysql.php within the include/DBMS folder. This is despite my executing a GRANT ALL PRIVILEGES statement for the db_user ID I created on the DVWA database I created in the MariaDB instance. See screenshots below from config.inc.php and the SHOW GRANTS; statement output in MariaDB.

To Reproduce

Being logged in to my Kali Linux VM with the default 'kali' user account, I go to http://localhost/DVWA/setup.php and am able to see the default setup page. I click the CREATE / RESET database button on this page and the fatal access denied error occurs as described above.

Steps to reproduce the behaviour:

  1. Go to 'http://localhost/DVWA/setup.php'
  2. Click on button at bottom to create / reset database
  3. See the fatal access error as described above (see screenshots for the exact wording)

Logs

Please see screenshot provided.

Expected behavior

I expect the database to be created by MariaDB / MySQL backend DB instance and the login screen to be shown in browser.

What have you done to help fix the issue yourself?

I have executed a GRANT ALL PRIVILEGES statement for my db_user ID on `*.*`, as well as separately executing this statement on the DVWA database I created with the CREATE DATABASE command in MariaDB. A review of SHOW GRANTS output for my db_user ID when logged in as root showed the statement had executed successfully. Finally, I rebooted the mysql service with `service mysql restart`.

Screenshots

See below.

System (please complete the following information):

  • OS: Kali Linux
  • Database and version: MariaDB 10.7
  • PHP Version: 8.2.0
  • Installed PHP modules: all required modules mentioned in Readme.txt, checked with the apt command.

Screenshot captions (images not reproduced in this text):
  • Additional MariaDB user information
  • Apache2 access error message
  • config.inc.php settings
  • SHOW GRANTS MariaDB output for the kali user

Issue resolved. DVWA currently does not support the Unix socket method of authentication nor the ed25519 password hashing algorithm. When I dropped the user and recreated it using native SQL password authentication, I was able to access it fine.

You've mixed up a couple of things here. If you are connecting via the socket then you don't use a password; MariaDB uses the user the process is running as to authenticate against the system rather than using database authentication. In most instances the PHP script will be running as www-data and so you would need to have that as your database user, not kali. You also need to specify localhost as the server name, not 127.0.0.1 or anything like that. PHP treats localhost as meaning "connect by socket".

I created a www-data user in mariadb and set its auth to socket:

```sql
-- Account authenticated by the Unix socket peer credentials: no password is stored or sent.
create user 'www-data'@localhost identified via unix_socket;
-- Grant only on the DVWA database; the plugin is repeated so the grant does not alter the auth method.
grant all privileges on dvwa.* to 'www-data'@localhost identified via unix_socket;
flush privileges;
```

Then set this in the config file:

```php
$_DVWA = array();
$_DVWA[ 'db_server' ]   = 'localhost';   # 'localhost' = connect over the Unix socket, not TCP
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'www-data';    # must match the OS user the PHP process runs as
$_DVWA[ 'db_password' ] = ''; # not needed
$_DVWA[ 'db_port'] = '1'; # not needed but must be an integer
```

Browsing the SQLi page, you can then see this in the database log, showing it is connecting by a socket, not by TCP:

```text
240222  8:40:33    299 Connect  www-data@localhost on  using Socket
                   299 Query    USE dvwa
                   300 Connect  www-data@localhost on dvwa using Socket
                   300 Prepare  SELECT first_name, last_name FROM users WHERE user_id = (?) LIMIT 1
                   300 Execute  SELECT first_name, last_name FROM users WHERE user_id = (1) LIMIT 1
                   299 Quit
                   300 Close stmt
                   300 Quit
```
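As an added diagnostic (not code from this thread or from DVWA itself), the script below connects with the same `$_DVWA` settings DVWA uses and reports which transport (Unix socket or TCP) and which authentication plugin the connection actually used, so the two failure modes discussed here (OS user not matching a unix_socket account, and an ed25519 account PHP cannot authenticate against) can be told apart without reading the Apache error log. It assumes it is saved in the DVWA web root next to `config/config.inc.php` and run as the web server's OS account; the file name `check_db_auth.php` is an invented placeholder.

```php
<?php
// check_db_auth.php: added diagnostic, not part of DVWA.
// Assumptions: placed in the DVWA web root beside config/, run as the web
// server's OS account, e.g.   sudo -u www-data php check_db_auth.php

$config = __DIR__ . '/config/config.inc.php';
if (!is_readable($config)) {
    fwrite(STDERR, "Cannot read $config\n");
    exit(1);
}
require $config;                         // defines $_DVWA[...]

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The effective OS user matters for unix_socket auth: MariaDB reads the peer
// credentials of the socket and requires them to match the DB user name.
$osUser = function_exists('posix_geteuid')
    ? (posix_getpwuid(posix_geteuid())['name'] ?? 'unknown')
    : get_current_user();
echo "Running as OS user: $osUser\n";

try {
    // 'localhost' makes mysqlnd open the Unix socket; 127.0.0.1 forces TCP,
    // over which a unix_socket account can never authenticate.
    $db = new mysqli(
        $_DVWA['db_server'],
        $_DVWA['db_user'],
        $_DVWA['db_password'],
        $_DVWA['db_database'],
        (int) $_DVWA['db_port']
    );
} catch (mysqli_sql_exception $e) {
    fwrite(STDERR, sprintf("Connect failed (%d): %s\n", $e->getCode(), $e->getMessage()));
    fwrite(STDERR, "Check: db_server must be 'localhost' for socket auth, and the DB user "
        . "name must equal the OS user ('$osUser') when it is IDENTIFIED VIA unix_socket.\n");
    exit(1);
}

// host_info is "Localhost via UNIX socket" or "<ip> via TCP/IP".
echo "Transport: {$db->host_info}\n";

$who = $db->query("SELECT CURRENT_USER() AS u")->fetch_assoc()['u'];
echo "Authenticated as: $who\n";

// SHOW CREATE USER on the current account reveals the auth plugin
// (unix_socket, mysql_native_password, ed25519, ...). Wrapped in try/catch
// in case the server version or privileges do not allow it.
[$u, $h] = explode('@', $who, 2);
try {
    $sql = sprintf("SHOW CREATE USER '%s'@'%s'",
        $db->real_escape_string($u), $db->real_escape_string($h));
    $create = $db->query($sql)->fetch_row()[0];
    echo "Account definition: $create\n";

    if (stripos($create, 'ed25519') !== false) {
        echo "Note: PHP's mysqlnd does not support the ed25519 plugin (see this thread); "
            . "recreate the user with mysql_native_password or unix_socket.\n";
    }
    if (stripos($create, 'unix_socket') !== false && $u !== $osUser) {
        echo "Note: unix_socket auth only succeeds when the OS user ($osUser) "
            . "matches the DB user ($u).\n";
    }
} catch (mysqli_sql_exception $e) {
    echo "Could not read account definition: {$e->getMessage()}\n";
}
$db->close();
```

Run it as `www-data` first; if it reports `Localhost via UNIX socket` and the expected account, the same settings will work for DVWA. Running it as `kali` instead reproduces the original access-denied error, which is the quickest way to confirm the OS-user mismatch rather than a grant problem.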

You are right that PHP doesn't currently support passwords stored as ed25519, but that is a limitation of PHP, not DVWA.