digininja / DVWA

Damn Vulnerable Web Application (DVWA)
GNU General Public License v3.0

I get Access denied. accessing setup.php or any other page #599

Closed igotfr closed 8 months ago

igotfr commented 10 months ago

Questions here may or may not be answered depending on the state of the question, to increase your chance, read this before asking Asking For Technical Help.

Basically, the more details you give, the more chance of getting an answer. We need at least:

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.

digininja commented 10 months ago

Can you send the last five lines from your Apache log, a screenshot of the error, what directory have you installed dvwa into and what is the document root line in the Apache config file?

igotfr commented 10 months ago

@digininja $ cat /var/log/httpd/error_log

[Wed Jan 10 15:34:11.275225 2024] [mpm_event:notice] [pid 4801:tid 4801] AH00489: Apache/2.4.58 (Fedora Linux) configured -- resuming normal operations
[Wed Jan 10 15:34:11.275334 2024] [core:notice] [pid 4801:tid 4801] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jan 10 15:34:19.232953 2024] [autoindex:error] [pid 4815:tid 4919] [client ::1:34628] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Wed Jan 10 15:34:35.529457 2024] [proxy_fcgi:error] [pid 4815:tid 4914] [client ::1:34630] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/index.php (Permission denied)'
[Wed Jan 10 15:34:47.263306 2024] [proxy_fcgi:error] [pid 4816:tid 4948] [client ::1:37478] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/setup.php (Permission denied)'

digininja commented 10 months ago

Read the third line down

On Wed, 10 Jan 2024, 18:46 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja $ cat /var/log/httpd/error_log

[Wed Jan 10 15:34:11.275225 2024] [mpm_event:notice] [pid 4801:tid 4801] AH00489: Apache/2.4.58 (Fedora Linux) configured -- resuming normal operations
[Wed Jan 10 15:34:11.275334 2024] [core:notice] [pid 4801:tid 4801] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jan 10 15:34:19.232953 2024] [autoindex:error] [pid 4815:tid 4919] [client ::1:34628] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Wed Jan 10 15:34:35.529457 2024] [proxy_fcgi:error] [pid 4815:tid 4914] [client ::1:34630] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/index.php (Permission denied)'
[Wed Jan 10 15:34:47.263306 2024] [proxy_fcgi:error] [pid 4816:tid 4948] [client ::1:37478] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/setup.php (Permission denied)'


igotfr commented 10 months ago

@digininja sorry, I didn't understand what the third line means:

[Wed Jan 10 15:34:19.232953 2024] [autoindex:error] [pid 4815:tid 4919] [client ::1:34628] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

I have already edited the httpd.conf to:

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

but the problem persists

igotfr commented 10 months ago

@digininja image

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"

digininja commented 10 months ago

But where are the files? I bet they aren't in that directory. Are they in /var/www/html/DVWA ?

On Wed, 10 Jan 2024, 19:28 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja image.png (view on web) https://github.com/digininja/DVWA/assets/32280512/3aae24da-ed5d-4f9c-8f91-609433e5cb2e

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"


igotfr commented 10 months ago

@digininja yes, the files are in /var/www/html/DVWA

digininja commented 10 months ago

So as the document root is /var/www/html and the files are in /var/www/html/DVWA you'll need to browse to /DVWA to see them.

On Wed, 10 Jan 2024, 19:40 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja yes, the files are in /var/www/html/DVWA


igotfr commented 10 months ago

@digininja I'm browsing http://localhost/DVWA/setup.php according to the screenshot

digininja commented 10 months ago

I don't know then, it must be some odd Fedora thing.

Maybe file or directory permissions. Give a directory listing for /var/www/html and /var/www/html/DVWA

On Wed, 10 Jan 2024, 19:43 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja I'm browsing http://localhost/DVWA/setup.php according to the screenshot


igotfr commented 10 months ago

@digininja I put a test .php file with the same permission of the files in DVWA in the folder DVWA and it works

digininja commented 10 months ago

I still want to see the directory listings.

On Wed, 10 Jan 2024, 20:15 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja I put a test .php file with the same permission of the files in DVWA in the folder DVWA and it works


digininja commented 10 months ago

I should add please use ls -al rather than just ls so I can see the full file permissions.

On Wed, 10 Jan 2024 at 21:41, Robin Wood @.***> wrote:

I still want to see the directory listings.

On Wed, 10 Jan 2024, 20:15 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja I put a test .php file with the same permission of the files in DVWA in the folder DVWA and it works


igotfr commented 10 months ago

@digininja image

a.php is the file that I created for test that works

digininja commented 10 months ago

They look ok so I'm going to guess selinux is causing problems. I'm not a Fedora user so can't help debug it any more but this page gives a bit more information.

https://serverfault.com/questions/1145844/how-to-enable-executing-php-files-in-fedora-apache

On Sat, 13 Jan 2024, 08:49 Igor Ferreira, @.***> wrote:

@digininja https://github.com/digininja image.png (view on web) https://github.com/digininja/DVWA/assets/32280512/8fda77f1-e0d9-4150-a594-916433724dd4

a.php is the file that I created for test that works

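As an added example (not part of the original thread or of DVWA's code): a Python triage helper that pulls the denied script paths out of the AH01071 entries quoted above, then checks the mode bits and SELinux label of every path component. The function names are hypothetical, and the mode-bit check assumes the PHP-FPM account is neither owner nor group member of the files.

```python
import os
import re
import stat

# Two entries copied from the error_log quoted in this thread.
SAMPLE_LOG = (
    "[Wed Jan 10 15:34:35.529457 2024] [proxy_fcgi:error] [pid 4815:tid 4914] "
    "[client ::1:34630] AH01071: Got error 'Unable to open primary script: "
    "/var/www/html/DVWA/index.php (Permission denied)'\n"
    "[Wed Jan 10 15:34:47.263306 2024] [proxy_fcgi:error] [pid 4816:tid 4948] "
    "[client ::1:37478] AH01071: Got error 'Unable to open primary script: "
    "/var/www/html/DVWA/setup.php (Permission denied)'\n"
)
DENIED = re.compile(r"AH01071: Got error 'Unable to open primary script: "
                    r"(\S+) \(Permission denied\)'")

def denied_scripts(log_text):
    """Script paths PHP-FPM reported as unreadable, de-duplicated, in order."""
    return list(dict.fromkeys(DENIED.findall(log_text)))

def selinux_label(path):
    """SELinux context stored on the file, or None if absent/unsupported."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):
        return None

def audit_path(path):
    """One row per component from / down: (path, mode, other_ok, label).
    Assumption: the PHP-FPM account is neither owner nor in the group, so
    it needs o+x on each directory and o+r on the script itself."""
    rows, parts = [], os.path.abspath(path).split(os.sep)
    for i in range(1, len(parts) + 1):
        cur = os.sep.join(parts[:i]) or os.sep
        mode = os.stat(cur).st_mode
        need = stat.S_IXOTH if stat.S_ISDIR(mode) else stat.S_IROTH
        rows.append((cur, stat.filemode(mode), bool(mode & need), selinux_label(cur)))
    return rows

def verdict(rows):
    """Name the first component failing the mode-bit check, else point at MAC."""
    blocked = [p for p, _, ok, _ in rows if not ok]
    return "mode bits block " + blocked[0] if blocked else "mode bits ok; compare SELinux labels"

if __name__ == "__main__":
    for script in filter(os.path.exists, denied_scripts(SAMPLE_LOG)):
        rows = audit_path(script)
        print(*rows, verdict(rows), sep="\n")
```

When every component passes the mode-bit check, the label column for the working a.php and for setup.php is the next thing to compare, in line with the SELinux guess above.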

sukalaper commented 10 months ago

@digininja image

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"

Hi, have you set on this line?

  1. allow_url_fopen = On
  2. allow_url_include values = On

digininja commented 10 months ago

They are nothing to do with this and won't affect it in any way.

On Wed, 24 Jan 2024, 07:42 Nggi., @.***> wrote:

@digininja https://github.com/digininja [image: image]

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"

Hi, have you set on this line?

  1. allow_url_fopen = On
  2. allow_url_include values = On


hoang-himself commented 9 months ago

@igotfr have you resolved this issue?

My best guess is everything in /var/www/ should be owned by www. Try chown -R www /var/www.