Welcome to The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS

Damn Vulnerable Web App (DVWA) 1.6.0 Released
Posted on Thursday, 04 March 2010 @ 10:52:21 EST
Contributed by cdupuis | Topic: Web Applications Security

As seen on the great SecurityDatabase web site:  http://www.security-database.com/

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid teachers/students to teach/learn web application security in a classroom environment.

Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.


Version v1.0.6

  • Fixed a bug where the logo would not show on first time use. 03/09/2009 (ethicalhack3r)
  • Removed ’current password’ input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)
  • Added an article which was written for OWASP Turkey. 03/10/2009 (ethicalhack3r)
  • Added more troubleshooting information. 02/10/2009 (ethicalhack3r)
  • Stored XSS high now sanitises output. 02/10/2009 (ethicalhack3r)
  • Fixed a ’bug’ in XSS stored low which made it not vulnerable. 02/10/2009 (ethicalhack3r)
  • Rewritten command execution high to use a whitelist. 30/09/09 (ethicalhack3r)
  • Fixed a command execution vulnerability in exec high. 17/09/09 (ethicalhack3r)
  • Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (ethicalhack3r)
  • Added the upload directory to the upload help. 17/09/09 (ethicalhack3r)

Vulnerabilities

  • SQL Injection
  • XSS Stored/Reflected
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Command Execution
  • Upload Script
  • Login Brute Force
  • Full Path Disclosure
  • PHP-IDS
  • And much more...

Installation

  • Installation video: YouTube

    Default username = admin
    Default password = password

Database Setup

To set up the database, simply click on the Setup button in the main menu, then click on the ’Create / Reset Database’ button. This will create / reset the database for you with some data in.

If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php


$_DVWA[ 'db_user' ] = 'your_database_username';
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';

Everyone is welcome to contribute and help make DVWA as successful as it can be. Without the DVWA community, DVWA would not be what it is today.

More information, Official Web Site: DVWA



Re: Damn Vulnerable Web App (DVWA) 1.6.0 Released (Score: 1)
by isnawan on Tuesday, 30 March 2010 @ 01:13:09 EDT

Would you tell me how to try SQL injection and brute force in DVWA? I always fail, although I have read the DVWA help.

Thank you very much.






All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).

 


 

 

