# DAMN VULNERABLE WEB APPLICATION
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
The aim of DVWA is to **practice some of the most common web vulnerabilities**, with **various levels of difficulty**, with a simple straightforward interface.
Please note, there are **both documented and undocumented vulnerabilities** with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
- - -
## WARNING!
Damn Vulnerable Web Application is damn vulnerable! **Do not upload it to your hosting provider's public html folder or any Internet facing servers**, as they will be compromised. It is recommended using a virtual machine (such as [VirtualBox](https://www.virtualbox.org/) or [VMware](https://www.vmware.com/)), which is set to NAT networking mode. Inside a guest machine, you can download and install [XAMPP](https://www.apachefriends.org/) for the web server and database.
### Disclaimer
We do not take responsibility for the way in which any one uses this application (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA, it is not our responsibility, it is the responsibility of the person/s who uploaded and installed it.
- - -
## License
This file is part of Damn Vulnerable Web Application (DVWA).
Damn Vulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Damn Vulnerable Web Application (DVWA) is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Damn Vulnerable Web Application (DVWA). If not, see <https://www.gnu.org/licenses/>.
- - -
## Internationalisation
This file is available in multiple languages:
- Chinese: [简体中文](README.zh.md)
- Turkish: [Türkçe](README.tr.md)
If you would like to contribute a translation, please submit a PR. Note though, this does not mean just run it through Google Translate and send that in, those will be rejected.
- - -
## Download
While there are various versions of DVWA around, the only supported version is the latest source from the official GitHub repository. You can either clone it from the repo:
```
git clone https://github.com/digininja/DVWA.git
```
Or [download a ZIP of the files](https://github.com/digininja/DVWA/archive/master.zip).
- - -
## Installation
### Installation Videos
- [Installing DVWA on Kali running in VirtualBox](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- [Installing Damn Vulnerable Web Application (DVWA) on Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo) [12:39 minutes]
### Windows + XAMPP
The easiest way to install DVWA is to download and install [XAMPP](https://www.apachefriends.org/) if you do not already have a web server setup.
XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
XAMPP can be downloaded from:
<https://www.apachefriends.org/>
Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to: `http://127.0.0.1/dvwa/setup.php`
### Config File
DVWA ships with a dummy copy of its config file which you will need to copy into place and then make the appropriate changes. On Linux, assuming you are in the DVWA directory, this can be done as follows:
`cp config/config.inc.php.dist config/config.inc.php`
On Windows, this can be a bit harder if you are hiding file extensions, if you are unsure about this, this blog post explains more about it:
[How to Make Windows Show File Extensions](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)
### Linux Packages
If you are using a Debian based Linux distribution, you will need to install the following packages _(or their equivalent)_:
- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php php-mysqli
- php-gd
I would recommend doing an update before this, just so you make sure you are going to get the latest version of everything.
```
apt update
apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
```
The site will work with MySQL instead of MariaDB but we strongly recommend MariaDB as it works out of the box whereas you have to make changes to get MySQL to work correctly.
### Database Setup
To set up the database, simply click on the `Setup DVWA` button in the main menu, then click on the `Create / Reset Database` button. This will create / reset the database for you with some data in.
If you receive an error while trying to create your database, make sure your database credentials are correct within `./config/config.inc.php`. *This differs from config.inc.php.dist, which is an example file.*
The variables are set to the following by default:
```php
$_DVWA[ 'db_server'] = '127.0.0.1';
$_DVWA[ 'db_port'] = '3306';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```
Note, if you are using MariaDB rather than MySQL (MariaDB is default in Kali), then you can't use the database root user, you must create a new database user. To do this, connect to the database as the root user then use the following commands:
```mysql
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)
mysql> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```
### Other Configuration
Depending on your Operating System, as well as version of PHP, you may wish to alter the default configuration. The location of the files will be different on a per-machine basis.
**Folder Permissions**:
* `./hackable/uploads/` - Needs to be writeable by the web service (for File Upload).
* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - Needs to be writable by the web service (if you wish to use PHPIDS).
**PHP configuration**:
* `allow_url_include = on` - Allows for Remote File Inclusions (RFI) [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
* `allow_url_fopen = on` - Allows for Remote File Inclusions (RFI) [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]
* `safe_mode = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[safe_mode](https://secure.php.net/manual/en/features.safe-mode.php)]
* `magic_quotes_gpc = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[magic_quotes_gpc](https://secure.php.net/manual/en/security.magicquotes.php)]
* `display_errors = off` - (Optional) Hides PHP warning messages to make it less verbose [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]
**File: `config/config.inc.php`**:
* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - These values need to be generated from: https://www.google.com/recaptcha/admin/create
### Default Credentials
**Default
没有合适的资源?快使用搜索试试~ 我知道了~
dvwa安装包文件资源
共605个文件
php:360个
txt:108个
html:62个
需积分: 0 23 下载量 78 浏览量
2022-12-21
11:31:51
上传
评论
收藏 1.35MB ZIP 举报
温馨提示
dvwa安装包文件资源
资源推荐
资源详情
资源评论
收起资源包目录
dvwa安装包文件资源 (605个子文件)
style.css 7KB
container.css 7KB
stylesheet.css 5KB
main.css 4KB
login.css 842B
banner.css 393B
source.css 319B
help.css 304B
ConfigForm.css 283B
sqli.db 20KB
sqli.db.dist 20KB
config.inc.php.dist 2KB
close12_1.gif 85B
.gitignore 229B
Converter.php.html 586KB
elementindex.html 554KB
Monitor.php.html 390KB
Filter_Storage.php.html 276KB
Report.php.html 158KB
Event.php.html 123KB
errors.html 108KB
Caching_File.php.html 103KB
Init.php.html 96KB
Filter.php.html 95KB
Caching_Factory.php.html 83KB
elementindex_PHPIDS.html 59KB
Caching_Session.php.html 44KB
IDS_Converter.html 26KB
IDS_Report.html 21KB
Caching_Interface.php.html 19KB
IDS_Monitor.html 18KB
IDS_Event.html 16KB
index.html 15KB
IDS_Filter.html 15KB
IDS_Init.html 14KB
IDS_Filter_Storage.html 14KB
IDS_Log_Email.html 11KB
IDS_Filter_Storage_Abstract.html 11KB
Caching.html 10KB
IDS_Caching_Database.html 9KB
IDS_Caching_Memcached.html 9KB
IDS_Caching_File.html 9KB
IDS_Caching_Session.html 9KB
IDS_Log_File.html 8KB
IDS_Log_Composite.html 8KB
IDS_Log_Database.html 7KB
_Caching---Database.php.html 5KB
_Caching---Memcached.php.html 5KB
_Caching---Session.php.html 5KB
_Log---Database.php.html 5KB
_Caching---File.php.html 5KB
_Log---Composite.php.html 5KB
_Log---Email.php.html 5KB
_Log---File.php.html 5KB
li_PHPIDS.html 5KB
IDS_Caching_Interface.html 5KB
IDS_Caching.html 5KB
IDS_Log_Interface.html 4KB
Filter.html 4KB
_Converter.php.html 3KB
_Caching---Interface.php.html 3KB
_Log---Interface.php.html 3KB
_Filter---Storage.php.html 3KB
_Caching---Factory.php.html 3KB
_Monitor.php.html 3KB
_Filter.php.html 3KB
_Report.php.html 3KB
_Event.php.html 3KB
_Init.php.html 3KB
classtrees_PHPIDS.html 3KB
_Filter---Storage---Abstract.php.html 2KB
_Filter---Filter.php.html 2KB
packages.html 994B
index.html 951B
blank.html 416B
pdf.html 105B
favicon.ico 1KB
Template.php.in 1011B
Config.ini 3KB
php.ini 154B
info.ini 24B
smithy.jpg 4KB
1337.jpg 4KB
admin.jpg 3KB
gordonb.jpg 3KB
pablo.jpg 3KB
container-min.js 63KB
yahoo-dom-event.js 30KB
high_unobfuscated.js 19KB
high.js 10KB
dvwaPage.js 1KB
add_event_listeners.js 593B
high.js 428B
impossible.js 421B
medium.js 258B
ConfigForm.js 120B
default_filter.json 16KB
LICENSE 7KB
README.ar.md 24KB
README.fr.md 20KB
共 605 条
- 1
- 2
- 3
- 4
- 5
- 6
- 7
资源评论
林南溪
- 粉丝: 5
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- postgresql-42.7.3.jar
- 2024-05-21 20-36-43.mkv
- 基于QT+C++的智能云监护仪项目,能够实时显示使用者心电、血氧、血压波形及其它各种参数+源码(毕业设计&课程设计&项目开发)
- 基于java开发的app接收硬件端传输的心音信号,具有显示心音波形,发出心音的功能+源码(毕业设计&课程设计&项目开发)
- Python 程序语言设计模式思路-行为型模式:职责链模式:将请求从一个处理者传递到下一个处理者
- 9241703124789646.16健身系统2.apk
- postgresql-16.3-1-windows-x64.exe
- Python 程序语言设计模式思路-结构型模式:装饰器讲解及利用Python装饰器模式实现高效日志记录和性能测试
- 基于YOLOv5和DeepSORT的多目标跟踪仿真与记录
- Python 程序语言设计模式思路-创建型模式:原型模式:通过复制现有对象来创建新对象,面向对象编程
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功