Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute Force
- Added Acunetix scan report.
- All links use http://hiderefer.com to hide referrer header.
- Updated/added ‘more info’ links.
- Moved change log info to CHANGELOG.txt.
- Fixed the exec.php UTF-8 output.
- Moved Help/View source buttons to footer.
- Fixed phpInfo bug.
- Made DVWA IE friendly.
- Fixed html bugs.
- Improved README.txt and fixed typos.
- Made SQL injection possible in sqli_med.php.
It should come as no shock..but this application is damn vulnerable! Do not upload it to your hosting provider’s public html folder or any working web server as it will be hacked. It’s recommend that you download and install XAMP onto a local machine inside your LAN which is used solely for testing.
You can download DVWA 1.0.4 here:
Or read more here.
- Fitbit Vulnerability Means Your Tracker Could Spread Malware
- OWASP WebGoat – Deliberately Insecure Web Application
- WinRAR Vulnerability Is Complete Bullshit
- WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
- BodgeIt Store – Vulnerable Web Application For Penetration Testing
- Metasploitable – Test Your Metasploit Against A Vulnerable Host
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 232,370 views
- AJAX: Is your application secure enough? - 119,749 views
- eEye Launches 0-Day Exploit Tracker - 85,319 views