Filename Damn Vulnerable Web App (Live CD) v1.0.6
Author WhySoSeriousssssssssssss
Date and Time 23:27
Damn Vulnerable Web App (Live CD) v1.0.6

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to help security professionals test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to help teachers and students teach and learn web application security in a classroom environment.

Damn Vulnerable Web App is damn vulnerable. Do not upload it to your hosting provider's public html folder or to any working web server, as it will be hacked. The recommended setup is to download and install XAMPP on a local machine inside your LAN that is used solely for testing.

Damn Vulnerable Web App (DVWA) is free software. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Download DVWA v1.0.7 ZIP file here
Next time I will upload the ISO file.




DVWA Version v1.0.6

- Removed ’current password’ input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)

- Added more troubleshooting information

- Stored XSS high now sanitises output

- Fixed a ’bug’ in XSS stored low which made it not vulnerable

- Rewritten command execution high to use a whitelist

- Fixed a command execution vulnerability in exec high

- Added some troubleshooting info for PHP 5.2.6 in readme.txt

- Added the upload directory to the upload help


Vulnerabilities

- SQL Injection

- XSS Stored/Reflected

- LFI (Local File Inclusion)

- RFI (Remote File Inclusion)

- Command Execution

- Upload Script

- Login Brute Force

- Full Path Disclosure

- PHP-IDS




Installation

Default username - admin

Default password - password


The easiest way to install DVWA is to download and install XAMPP if you do not already have a web server set up. XAMPP is a very easy-to-install Apache distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, an FTP server and phpMyAdmin. XAMPP can be downloaded from here

Simply unzip dvwa.zip and place the unzipped files in your public html folder. Then point your browser to http://127.0.0.1/dvwa/index.php

Database Setup

To set up the database, click the Setup button in the main menu, then click the 'Create / Reset Database' button. This creates or resets the database and fills it with some sample data. If you receive an error while trying to create your database, make sure the database credentials in /config/config.inc.php are correct. The variables are set to the following by default:

$_DVWA[ 'db_user' ] = 'root';

$_DVWA[ 'db_password' ] = '';

$_DVWA[ 'db_database' ] = 'dvwa';


An explanation of these variables:

$_DVWA[ 'db_user' ] = 'your_database_username';

$_DVWA[ 'db_password' ] = 'your_database_password';

$_DVWA[ 'db_database' ] = 'your_database_name';
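A pre-flight check for a lab install, added here as an example (it is not part of DVWA or of the original post): it parses the `$_DVWA` assignments shown above, flags the default `root` user with an empty password, and flags web server bind addresses that are not loopback or RFC 1918. The function names, the sample config text and the caller-supplied list of listen addresses are assumptions made for this example.

```python
import ipaddress
import re

# Matches assignments such as: $_DVWA[ 'db_user' ] = 'root';
SETTING = re.compile(r"""\$_DVWA\[\s*['"](\w+)['"]\s*\]\s*=\s*(['"])(.*?)\2\s*;""")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the default values quoted on this page plus one commented-out line.
SAMPLE_CONFIG = """<?php
# $_DVWA[ 'db_password' ] = 'old-value';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
$_DVWA[ 'db_database' ] = 'dvwa';
?>"""

def parse_dvwa_config(text):
    """Return {key: value} for each active $_DVWA[...] string assignment."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "//")):  # skip single-line PHP comments
            continue
        for key, _quote, value in SETTING.findall(line):
            settings[key] = value
    return settings

def audit(config_text, listen_addrs):
    """List reasons this DVWA install is riskier than an isolated lab should be."""
    findings = []
    cfg = parse_dvwa_config(config_text)
    if cfg.get("db_user") == "root":
        findings.append("db_user is the MySQL superuser 'root'")
    if cfg.get("db_password") == "":
        findings.append("db_password is empty")
    for addr in listen_addrs:  # assumption: caller supplies the web server's bind addresses
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:
            findings.append(f"{addr}: listening on every interface")
        elif not (ip.is_loopback or any(ip in net for net in RFC1918)):
            findings.append(f"{addr}: not a loopback or RFC 1918 address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["0.0.0.0", "127.0.0.1"]):
        print("WARN", finding)
```
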


You can burn the ISO image to a disc and boot DVWA from it, or you can create a virtual machine from the ISO in VirtualBox (open source) or VMware. For now, the LiveCD will only be available as a torrent.

Jayalah Indonesiaku © 2010 Guest Who !