ssl / ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
https://ezxss.com
MIT License

SQLSTATE[HY000] [2002] Connection refused - Docker Installation #179

Closed Sicks3c closed 1 day ago

Sicks3c commented 3 weeks ago

Hello There

I have an issue using the Docker installation: it gives me an error when I try to sign up.


Here are the MySQL logs from Docker:

2024-08-20T10:49:21.262340Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 9.0.1)  MySQL Community Server - GPL.
2024-08-20T10:49:21.262365Z 0 [System] [MY-015016] [Server] MySQL Server - end.
2024-08-20 10:49:24+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 9.0.1-1.el9 started.
2024-08-20 10:49:24+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2024-08-20 10:49:24+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 9.0.1-1.el9 started.
'/var/lib/mysql/mysql.sock' -> '/var/run/mysqld/mysqld.sock'
2024-08-20T10:49:25.199708Z 0 [System] [MY-015015] [Server] MySQL Server - start.
2024-08-20T10:49:25.440614Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.0.1) starting as process 1
2024-08-20T10:49:25.446291Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2024-08-20T10:49:25.670511Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
mysqld: Table 'mysql.plugin' doesn't exist
2024-08-20T10:49:25.807676Z 0 [ERROR] [MY-010735] [Server] Could not open the mysql.plugin table. Please perform the MySQL upgrade procedure.
2024-08-20T10:49:25.808061Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.808232Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.808388Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.808589Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.808741Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.808934Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.809088Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.857850Z 0 [Warning] [MY-010015] [Repl] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2024-08-20T10:49:25.918647Z 0 [Warning] [MY-010015] [Repl] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2024-08-20T10:49:25.925486Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2024-08-20T10:49:25.925550Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2024-08-20T10:49:25.930027Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2024-08-20T10:49:25.930377Z 0 [Warning] [MY-010441] [Server] Failed to open optimizer cost constant tables
2024-08-20T10:49:25.930647Z 0 [ERROR] [MY-013129] [Server] A message intended for a client cannot be sent there as no client-session is attached. Therefore, we're sending the information to the error-log instead: MY-001146 - Table 'mysql.component' doesn't exist
2024-08-20T10:49:25.930673Z 0 [Warning] [MY-013129] [Server] A message intended for a client cannot be sent there as no client-session is attached. Therefore, we're sending the information to the error-log instead: MY-003543 - The mysql.component table is missing or has an incorrect definition.
2024-08-20T10:49:25.930893Z 0 [ERROR] [MY-000067] [Server] unknown variable 'mysql_native_password=ON'.
2024-08-20T10:49:25.931916Z 0 [ERROR] [MY-010119] [Server] Aborting
2024-08-20T10:49:27.461703Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 9.0.1)  MySQL Community Server - GPL.
2024-08-20T10:49:27.461723Z 0 [System] [MY-015016] [Server] MySQL Server - end.

Cheers

Sicks3c commented 3 weeks ago

Fixed by updating the mysql to version 8, here's the docker-compose.yml I use

version: '3.7'

services:
  ezxssdb:
    image: mysql:8.0
    restart: always
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=${dbName}
      - MYSQL_USER=${dbUser}
      - MYSQL_PASSWORD=${dbPassword}
      - DEFAULT_AUTHENTICATION_PLUGIN=mysql_native_password
      - MYSQL_SSL_MODE=DISABLED # Disable SSL; remove or set to REQUIRED for production
    volumes:
      - "./ezxssdb:/var/lib/mysql"

  ezxss:
    build:
      context: .
      dockerfile: ./Dockerfile
      args:
        - USE_MAIL_ALERTS=${useMailAlerts}
    ports:
      - "${dockerHttpPort:-80}:80"
      - "${dockerHttpsPort:-443}:443"
    volumes:
      - .:/var/www/html
    restart: always
    depends_on:
      - ezxssdb
    environment:
      - INSTALL_CERTIFICATE=${autoInstallCertificate}
      - DOMAIN=${domain}
      - HTTPMODE=${httpmode}

docker-compose down
docker-compose up -d --build


unrealistic-reality commented 3 days ago

Here's mine to solve the connection refused. I noticed that the Docker container name is different than it should be:

version: '3.7'

services:
  ezxssdb:
    image: mysql:8.0
    container_name: ezxssdb
    restart: always
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=${dbName}
      - MYSQL_USER=${dbUser}
      - MYSQL_PASSWORD=${dbPassword}
      - DEFAULT_AUTHENTICATION_PLUGIN=mysql_native_password
      - MYSQL_SSL_MODE=DISABLED # Disable SSL; remove or set to REQUIRED for production
    ports:
      - "${dbPort:-3306}:3306"
    volumes:
      - "./ezxssdb:/var/lib/mysql"
  ezxss:
    build:
      context: .
      dockerfile: ./Dockerfile
      args:
        - USE_MAIL_ALERTS=${useMailAlerts}
    ports:
      - "${dockerHttpPort:-80}:80"
      - "${dockerHttpsPort:-443}:443"
    volumes:
      - .:/var/www/html
    restart: always
    depends_on:
      - ezxssdb
    environment:
      - INSTALL_CERTIFICATE=${autoInstallCertificate}
      - DOMAIN=${domain}
      - HTTPMODE=${httpmode}

ssl commented 3 days ago

There is, indeed, a problem with Docker, since MySQL 9 doesn't support the native password any more.

I will fix this soon, I just need to look into if locking to MySQL 8 is the correct fix.

abbycantcode commented 1 day ago

After resolving the error with @Sicks3c's idea, I got into the loop of the name resolution error, and @unrealistic-reality showed how to resolve it, but unfortunately it is not working for me. Should I stick with a manual Apache or nginx installation? But setting up a DB is also a pain there.

ssl commented 1 day ago

The issue has been fixed in https://github.com/ssl/ezXSS/commit/c33854483228ce3ecac21fead5623388f95f9fd5 by removing the deprecated command. MySQL 9+ by default uses the new 'caching_sha2_password' method.

To make sure your setup is correct, please fetch the latest changes from GitHub and rebuild your Docker container. If this still gives errors, you might need to delete the ezxssdb folder (be careful if you temporarily bypassed this issue and already have items in your database; they will get deleted).

git pull
docker-compose down
rm -rf ./ezxssdb
docker-compose up

If any issues persist, please re-open the ticket or create a new ticket with the new issue. Thanks for the heads up y'all!