Web Application Vulnerabilities

Lab 14

“DVWA (Damn Vulnerable Web Application) is a web-based application that has been deliberately designed to include various vulnerabilities.In this lab, we will install the application and investigate some of the vulnerabilities.”

Exercise one: Installing Xampp

This slideshow requires JavaScript.

Exercise two: Installing DVWA

This slideshow requires JavaScript.

Exercise three: Exploiting a Command Execution Vulnerability

Size of the packets are only 32 bytes.1.PNG

We have set the amount of bytes for this one, so its 800.


If this is the correct thing that was meant to display from the command /?, then this basically works like a command prompt. -l we sent the size of the of the bytes to the server, this pings whatever we type in.


What was returned when typing in “server | dir” into the ip address text box, was information that looked like it regarded the extracting or editing of the DVWA files or the information log of me accessing the site via the browser. Because dir is a command used for file and directory listings?


Exercise four: Exploiting a SQL injection Vulnerability

During wokring on this website I noticed that when entering the commands given to us from the lab book, This worked like a database.


Entering the 1′ command into the textbox, gave me back admin information.


Exercise five: Exploiting a Cross Site Scripting Vulnerability

This part of the lab, worked like executable scripting.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s