funsec mailing list archives

FW: Damn Vulnerable Web App (DVWA) 1.6.0 Released


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 6 Mar 2010 10:32:30 -0500

http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1156

 

LJS

 

Feed: jnazario's Topic
Posted on: Thursday, March 04, 2010 11:52 AM
Author: Posted by cdupuis
Subject: Damn Vulnerable Web App (DVWA) 1.6.0 Released

 

As seen on the great SecurityDatabase web site: http://www.security-database.com/

Damn Vulnerable Web App (DVWA) is a PHP <http://en.wikipedia.org/wiki/PHP>/MySQL <http://en.wikipedia.org/wiki/MySQL>
web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their
skills and tools in a legal environment, help web developers better understand the processes of securing web
applications and aid teachers/students to teach/learn web application security in a classroom environment.

Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU 
General Public License <http://en.wikipedia.org/wiki/GNU_General_Public_License>  as published by the Free Software 
Foundation, either version 3 of the License, or (at your option) any later version.


Version v1.0.6

*       Fixed a bug where the logo would not show on first time use. 03/09/2009 (ethicalhack3r)
*       Removed ’current password’ input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)
*       Added an article which was written for OWASP Turkey. 03/10/2009 (ethicalhack3r)
*       Added more troubleshooting information. 02/10/2009 (ethicalhack3r)
*       Stored XSS high now sanitises output. 02/10/2009 (ethicalhack3r)
*       Fixed a ’bug’ in XSS stored low which made it not vulnerable. 02/10/2009 (ethicalhack3r)
*       Rewritten command execution high to use a whitelist. 30/09/09 (ethicalhack3r)
*       Fixed a command execution vulnerability in exec high. 17/09/09 (ethicalhack3r)
*       Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (ethicalhack3r)
*       Added the upload directory to the upload help. 17/09/09 (ethicalhack3r)

Vulnerabilities

*       SQL Injection
*       XSS Stored/Reflected
*       LFI (Local File Inclusion)
*       RFI (Remote File Inclusion)
*       Command Execution
*       Upload Script
*       Login Brute Force
*       Full Path Disclosure
*       PHP-IDS
*       And much more...

Installation 

*       Installation video: YouTube <http://www.youtube.com/watch?v=GzIj07jt8rM>  


Default username = admin
Default password = password

Database Setup

To set up the database, simply click on the Setup button in the main menu, then click on the ’Create /
Reset Database’ button. This will create / reset the database for you with some data in.

If you receive an error while trying to create your database, make sure your database credentials are correct within 
/config/config.inc.php


$_DVWA[ 'db_user' ] = 'your_database_username';
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';

Everyone is welcome to contribute and help make DVWA as successful as it can be. Without the DVWA community DVWA would
not be what it is today.

More information, Official Web Site: DVWA <http://www.dvwa.co.uk/> 



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
