漏洞演示系统 DVWA(Damn Vulnerable Web Application) V1.8 攻略 测试环境: 操作系统:Windows 8.1 、Windows 7 运行时:.Net Framework 3.5 PHP+MySQL 集成测试环境:XAMPP V3.2.1 首先,从 http://www.dvwa.co.uk/ 下载 DVWA,并将文件释放到 c:\xampp\htdocs\DVWA 修改配置文件 config\config.inc.php ,设置数据库连接账号及默认的安全级别: $_DVWA[ 'db_server' ] = 'localhost'; $_DVWA[ 'db_database' ] = 'dvwa'; $_DVWA[ 'db_user' ] = 'root'; $_DVWA[ 'db_password' ] = 123456; $_DVWA['default_security_level'] = "low"; 然后,访问 http://127.0.0.1/DVWA/login.php 第一关,就是考虑如何登录进去。
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
DVWA(Damn Vulnerable Web Application) V1.8 Windows 8.1Windows 7 .Net Framework 3.5 PHP+MySQL XAMPP V3.2.1 http://www.dvwa.co.uk/DVWAc:\xampp\htdocs\DVWA config\config.inc.php $_DVWA[ 'db_server' ] = 'localhost'; $_DVWA[ 'db_database' ] = 'dvwa'; $_DVWA[ 'db_user' ] = 'root'; $_DVWA[ 'db_password' ] = 123456; $_DVWA['default_security_level'] = "low"; http://127.0.0.1/DVWA/login.php BruterWebCruiser Web Vulnerability Scanner V2.8.0 (http://sec4app.com ) 123 456 Resend Bruter Bruter username password Bruter :Go admin/password WebBrowser DVWASecurity lowlowDVWA DVWA BruteForce Resend Bruter GET Go admin/password Windows Windows dir CSRF SQL SQL InjectionWebCruiser Scan URL: SQL SQL INJECTION POCSQL root SQL Injection Blind Web BrowserSQL Injection (Blind)Scan URL: XSS ReflectedScan URL: Scan URL DVWA
Related Documents
