# DAMN VULNERABLE WEB APPLICATION
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
The aim of DVWA is to **practice some of the most common web vulnerabilities**, with **various levels of difficulty**, with a simple straightforward interface.
Please note, there are **both documented and undocumented vulnerabilities** with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
- - -
## WARNING!
Damn Vulnerable Web Application is damn vulnerable! **Do not upload it to your hosting provider's public html folder or any Internet facing servers**, as they will be compromised. It is recommended using a virtual machine (such as [VirtualBox](https://www.virtualbox.org/) or [VMware](https://www.vmware.com/)), which is set to NAT networking mode. Inside a guest machine, you can download and install [XAMPP](https://www.apachefriends.org/en/xampp.html) for the web server and database.
### Disclaimer
We do not take responsibility for the way in which any one uses this application (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.
- - -
## License
This file is part of Damn Vulnerable Web Application (DVWA).
Damn Vulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Damn Vulnerable Web Application (DVWA) is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Damn Vulnerable Web Application (DVWA). If not, see http://www.gnu.org/licenses/.
- - -
## Download and install as a docker container
- [dockerhub page](https://hub.docker.com/r/vulnerables/web-dvwa/)
`docker run --rm -it -p 80:80 vulnerables/web-dvwa`
Please ensure you are using aufs due to previous MySQL issues. Run `docker info` to check your storage driver. If it isn't aufs, please change it as such. There are guides for each operating system on how to do that, but they're quite different so we won't cover that here.
## Download
DVWA is available either as a package that will run on your own web server or as a Live CD:
+ DVWA v1.9 Source (Stable) - \[1.3 MB\] [Download ZIP](https://github.com/ethicalhack3r/DVWA/archive/v1.9.zip) - Released 2015-10-05
+ DVWA v1.0.7 LiveCD - \[480 MB\] [Download ISO](http://www.dvwa.co.uk/DVWA-1.0.7.iso) - Released 2010-09-08
+ DVWA Development Source (Latest) [Download ZIP](https://github.com/ethicalhack3r/DVWA/archive/master.zip) // `git clone https://github.com/ethicalhack3r/DVWA`
- - -
## Installation
**Please make sure your config/config.inc.php file exists. Only having a config.inc.php.dist will not be sufficient and you'll have to edit it to suit your environment and rename it to config.inc.php. [Windows may hide the trailing extension.](https://support.microsoft.com/en-in/help/865219/how-to-show-or-hide-file-name-extensions-in-windows-explorer)**
### Installation Videos
- [How to setup DVWA (Damn Vulnerable Web Application) on Ubuntu](https://www.youtube.com/watch?v=5BG6iq_AUvM) [21:01 minutes]
- [Installing Damn Vulnerable Web Application (DVWA) on Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo) [12:39 minutes]
### Windows + XAMPP
The easiest way to install DVWA is to download and install [XAMPP](https://www.apachefriends.org/en/xampp.html) if you do not already have a web server setup.
XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
XAMPP can be downloaded from:
https://www.apachefriends.org/en/xampp.html
Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to: http://127.0.0.1/dvwa/setup.php
### Linux Packages
If you are using a Debian based Linux distribution, you will need to install the following packages _(or their equivalent)_:
`apt-get -y install apache2 mysql-server php php-mysqli php-gd libapache2-mod-php`
### Database Setup
To set up the database, simply click on the `Setup DVWA` button in the main menu, then click on the `Create / Reset Database` button. This will create / reset the database for you with some data in.
If you receive an error while trying to create your database, make sure your database credentials are correct within `./config/config.inc.php`. *This differs from config.inc.php.dist, which is an example file.*
The variables are set to the following by default:
```php
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```
Note, if you are using MariaDB rather than MySQL (MariaDB is default in Kali), then you can't use the database root user, you must create a new database user. To do this, connect to the database as the root user then use the following commands:
```mysql
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on dvwa.* to dvwa@localhost identified by 'xxx';
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```
### Other Configuration
Depending on your Operating System as well as version of PHP, you may wish to alter the default configuration. The location of the files will be different on a per-machine basis.
**Folder Permissions**:
* `./hackable/uploads/` - Needs to be writable by the web service (for File Upload).
* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - Needs to be writable by the web service (if you wish to use PHPIDS).
**PHP configuration**:
* `allow_url_include = on` - Allows for Remote File Inclusions (RFI) [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
* `allow_url_fopen = on` - Allows for Remote File Inclusions (RFI) [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]
* `safe_mode = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[safe_mode](https://secure.php.net/manual/en/features.safe-mode.php)]
* `magic_quotes_gpc = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[magic_quotes_gpc](https://secure.php.net/manual/en/security.magicquotes.php)]
* `display_errors = off` - (Optional) Hides PHP warning messages to make it less verbose [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]
**File: `config/config.inc.php`**:
* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - These values need to be generated from: https://www.google.com/recaptcha/admin/create
### Default Credentials
**Default username = `admin`**
**Default password = `password`**
_...can easily be brute forced ;)_
Login URL: http://127.0.0.1/dvwa/login.php
### Troubleshooting
For the latest troubleshooting information please visit:
https://github.com/ethicalhack3r/DVWA/issu
没有合适的资源?快使用搜索试试~ 我知道了~
DVWA Installation
共563个文件
php:343个
txt:107个
html:62个
需积分: 44 18 下载量 155 浏览量
2018-08-15
17:00:26
上传
评论 1
收藏 1.26MB ZIP 举报
温馨提示
DVWA all package. DVWA-master.zip
资源推荐
资源详情
资源评论
收起资源包目录
DVWA Installation (563个子文件)
style.css 7KB
container.css 7KB
stylesheet.css 5KB
main.css 4KB
login.css 842B
banner.css 393B
help.css 304B
ConfigForm.css 283B
source.css 240B
config.inc.php.dist 2KB
close12_1.gif 85B
.gitignore 32B
.htaccess 500B
Converter.php.html 586KB
elementindex.html 554KB
Monitor.php.html 390KB
Filter_Storage.php.html 276KB
Report.php.html 158KB
Event.php.html 123KB
errors.html 108KB
Caching_File.php.html 103KB
Init.php.html 96KB
Filter.php.html 95KB
Caching_Factory.php.html 83KB
elementindex_PHPIDS.html 59KB
Caching_Session.php.html 44KB
IDS_Converter.html 26KB
IDS_Report.html 21KB
Caching_Interface.php.html 19KB
IDS_Monitor.html 18KB
IDS_Event.html 16KB
index.html 15KB
IDS_Filter.html 15KB
IDS_Init.html 14KB
IDS_Filter_Storage.html 14KB
IDS_Log_Email.html 11KB
IDS_Filter_Storage_Abstract.html 11KB
Caching.html 10KB
IDS_Caching_Database.html 9KB
IDS_Caching_Memcached.html 9KB
IDS_Caching_File.html 9KB
IDS_Caching_Session.html 9KB
IDS_Log_File.html 8KB
IDS_Log_Composite.html 8KB
IDS_Log_Database.html 7KB
_Caching---Database.php.html 5KB
_Caching---Memcached.php.html 5KB
_Caching---Session.php.html 5KB
_Caching---File.php.html 5KB
_Log---Database.php.html 5KB
_Log---Composite.php.html 5KB
_Log---Email.php.html 5KB
_Log---File.php.html 5KB
li_PHPIDS.html 5KB
IDS_Caching_Interface.html 5KB
IDS_Caching.html 5KB
IDS_Log_Interface.html 4KB
Filter.html 4KB
_Converter.php.html 3KB
_Caching---Interface.php.html 3KB
_Log---Interface.php.html 3KB
_Filter---Storage.php.html 3KB
_Caching---Factory.php.html 3KB
_Monitor.php.html 3KB
_Report.php.html 3KB
_Filter.php.html 3KB
_Event.php.html 3KB
_Init.php.html 3KB
classtrees_PHPIDS.html 3KB
_Filter---Storage---Abstract.php.html 2KB
_Filter---Filter.php.html 2KB
packages.html 994B
index.html 951B
blank.html 416B
pdf.html 105B
favicon.ico 1KB
Template.php.in 1011B
Config.ini 3KB
php.ini 148B
info.ini 24B
smithy.jpg 4KB
1337.jpg 4KB
admin.jpg 3KB
gordonb.jpg 3KB
pablo.jpg 3KB
container-min.js 63KB
yahoo-dom-event.js 30KB
dvwaPage.js 889B
ConfigForm.js 120B
default_filter.json 16KB
LICENSE 7KB
README.md 9KB
CHANGELOG.md 7KB
DVWA_v1.3.pdf 412KB
PH5P.php 165KB
MonitorTest.php 71KB
Converter.php 22KB
dvwaPage.inc.php 20KB
DirectLex.php 20KB
Encoder.php 19KB
共 563 条
- 1
- 2
- 3
- 4
- 5
- 6
资源评论
book_einstei
- 粉丝: 2
- 资源: 6
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功