• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved [SOLVED]The Web access shut down.

lastofme

New Member


Messages: 9

#1
Hello there.

Right now I'm testing web security but I found a problem. To test the web security I am using Havij. When making an injection in the domain, the SQL remote access(web) shuts down at approximately 30 seconds into the attack. I can access MySQL via FreeBSD/Navicat. The web is hosted by a company different than the dedicated server. When I restart the dedicated server shutdown -r now can be re-accessed from the web.

Any idea?

Note: FreeBSD version 8.4. MySQL version 5.5.34.

Kind regards.
 

lastofme

New Member


Messages: 9

#3
Re: Injection? Problem

DutchDaemon said:
Your question makes little sense. For example, what does 'the web access shuts down but I can access in FreeBSD' mean?

How to ask questions the smart way.
Sorry if I expressed myself badly. I just updated the post.

'How to ask questions the smart way' this means, when I start the injection test, the access web shuts down, can't connect to the dedicated server (here are the databases), but if you can get through Putty mysql -u root [...] I can also connect with a databases manager, Navicat in my case.

I hope to have better explained my case.

Thanks for your time. Kind regards.
 

junovitch@

Daemon
Developer

Thanks: 607
Messages: 1,773

#4
Re: The Web access shut down when I am testing to inject it

Are you pen-testing a web application for a client or one you developed yourself? It sounds like whatever you are doing is killing running services. What do the logs say? Does service mysql-server restart; service <put_webserver_here> restart fix the problems?
 

lastofme

New Member


Messages: 9

#5
Re: The Web access shut down when I am testing to inject it

Hi,

It's a simple web to register users, show rankings, etc. The service mysql-server restart does not fix it, and service <http://myweb.com> restart gives
Code:
No such file or directory.
I have looked at the mysql .err file before and after performing the test and it does not change, anyway I've also looked at all the logs in /var/log and any changes after the web access fall.

Thanks for your time.
 

junovitch@

Daemon
Developer

Thanks: 607
Messages: 1,773

#6
Re: The Web access shut down when I am testing to inject it

It's service apache24 restart or service nginx restart to restart your web server. Whatever your testing tool is doing, it's likely specific to that tool rather than the OS. At this point, you're probably more likely going to whatever support through the maker of that testing tool or one of their forums.
 

lastofme

New Member


Messages: 9

#7
Re: The Web access shut down when I am testing to inject it

junovitch said:
It's service apache24 restart or service nginx restart to restart your web server. Whatever your testing tool is doing, it's likely specific to that tool rather than the OS. At this point, you're probably more likely going to whatever support through the maker of that testing tool or one of their forums.
Hi,

The web is hosted by a web hosting company, not on the dedicated server.

Kind regards.
 

junovitch@

Daemon
Developer

Thanks: 607
Messages: 1,773

#8
Re: The Web access shut down when I am testing to inject it

I don't understand. You said you have shell access and ran service mysql-server restart and mysql -u root [...]. How is restarting whatever web server you have installed any different? Is it on a different box than the database?
 

lastofme

New Member


Messages: 9

#9
Re: The Web access shut down when I am testing to inject it

junovitch said:
I don't understand. You said you have shell access and ran service mysql-server restart and mysql -u root [...]. How is restarting whatever web server you have installed any different? Is it on a different box than the database?
No, all it's in the same database, the website is hosted on a web hosting different from dedicated.

When I test the web security, the Web access shuts down, but I can access in FreeBSD, I do not understand why this happens, I look in all logs and nothing appears.

The web access only works again when I rebootthe dedicated server.

Thanks for your time, kind regards.