As their website says:
"Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment."
Elaborated:
DVWA – Damn Vulnerable Web Application
Script kiddies like me :) would be searching for and finding info on exploiting vulnerabilities in web applications, such as SQL injection, XSS (cross-site scripting) and others, and testing them live on websites they find vulnerable.
But the problem here is that all major web applications have activity logs, and all your code executions and other details, including your IP address and other identifiers, get left there. Check this out:
The PHPIDS (Intrusion Detection System) shows that a user from IP 127.0.0.1 has tried to exploit the XSS vulnerability by running the code "><script>eval(window.name)</script>. This log, available to the admin, can cause serious risks in case of any enquiries. So, how to test these attacks safely? There comes DVWA.
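To make the point about activity logs concrete, here is an added example (not part of the original post, and not code from DVWA or PHPIDS) that does what the admin-side log entry above implies: it reads access-log lines, URL-decodes each query parameter, flags the ones carrying script-injection markers, and reports the client IP, time, path, parameter and exact payload. The log lines are constructed for the demonstration in Apache combined-log format, and the marker list is deliberately tiny compared with a real IDS rule set.

```python
"""Spot script-injection attempts in web server access logs.

Added example (not part of the original post or of DVWA/PHPIDS): it shows
how an activity log ends up recording the client IP and the exact payload of
an XSS attempt, the way the PHPIDS entry described in the post does.
"""
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample log lines (not real traffic), Apache combined-log format.
SAMPLE_LOG = r'''
127.0.0.1 - - [10/Mar/2010:20:14:01 +0530] "GET /dvwa/vulnerabilities/xss_r/?name=Tony HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
127.0.0.1 - - [10/Mar/2010:20:14:37 +0530] "GET /dvwa/vulnerabilities/xss_r/?name=%22%3E%3Cscript%3Eeval(window.name)%3C/script%3E HTTP/1.1" 200 4190 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2010:20:15:02 +0530] "GET /dvwa/login.php HTTP/1.1" 200 1299 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2010:20:15:40 +0530] "GET /dvwa/vulnerabilities/xss_r/?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 4170 "-" "Mozilla/5.0"
'''

# Combined log: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Markers typical of reflected-XSS probes. A real IDS uses a far larger,
# normalised rule set (PHPIDS ships hundreds of filters); this list is only
# enough to show the mechanism.
XSS_MARKERS = re.compile(
    r'<\s*script|<\s*/\s*script|javascript\s*:|on[a-z]+\s*=|\beval\s*\(',
    re.IGNORECASE,
)


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target):
    """Yield (param, decoded_value) for query parameters that contain an XSS marker.

    Values are URL-decoded before matching: browsers percent-encode the angle
    brackets, so matching the raw request line would miss the payload.
    """
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decoded once; a second pass also catches double encoding.
        decoded = unquote_plus(value)
        if XSS_MARKERS.search(decoded):
            yield name, decoded


def find_xss_attempts(log_text):
    """Return one record per flagged request: ip, time, path, parameter and decoded payload."""
    hits = []
    for line in log_text.strip().splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        for param, payload in suspicious_params(fields["target"]):
            hits.append({
                "ip": fields["ip"],
                "time": fields["time"],
                "path": urlsplit(fields["target"]).path,
                "param": param,
                "payload": payload,
            })
    return hits


if __name__ == "__main__":
    for hit in find_xss_attempts(SAMPLE_LOG):
        # This is the kind of entry an admin later reads: who, when, where, and exactly what was sent.
        print(f'{hit["ip"]} at {hit["time"]} -> {hit["path"]} param={hit["param"]} payload={hit["payload"]!r}')
```

Run it as a script and the two probing requests are reported with their source IPs and fully decoded payloads, while the ordinary page loads stay quiet. The decode-then-match step is the part worth noticing: a log that stores the raw request still holds the evidence, and anyone reviewing it only has to decode it.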
It can be used to practice:
- Brute force
- Local file inclusion
- Remote file inclusion
- SQL injection
- Upload script
- Command execution
- XSS
Installation:
Like every PHP web application, it requires a PHP server to execute, hence use WAMP or XAMPP.
- Extract the DVWA folder to C:\wamp\www\ or C:\xampp\htdocs\ (select as per your download, WAMP or XAMPP).
- Open up your browser and go to localhost/dvwa/index.php
- Click on Set up New Database, then log out.
- Username: admin
- Password: password
Tools:
- Brute force: Brutus download
- SQL injection: Havij Pro download, Firefox addon SQL Inject Me
- XSS: Mozilla Firefox addon XSS Me
Happy hunting :) . Check how vulnerable it is:
DVWA can be used on Backtrack Linux without installing a LAMPP server. Just copy the contents to the root directory and enjoy.
Thank You
Tony Thomas