“DVWA (Damn Vulnerable Web Application) is a web-based application that has been deliberately designed to include various vulnerabilities. In this lab, we will install the application and investigate some of the vulnerabilities.”
Exercise one: Installing Xampp
Exercise two: Installing DVWA
Exercise three: Exploiting a Command Execution Vulnerability
The size of the packets is only 32 bytes.
We have set the number of bytes for this one, so it's 800.
If this is the correct thing that was meant to display from the command /?, then this basically works like a command prompt. With -l we sent the size of the bytes to the server; this pings whatever we type in.
What was returned when typing “server | dir” into the IP address text box was information that looked like it regarded the extracting or editing of the DVWA files or the information log of me accessing the site via the browser. Is that because dir is a command used for file and directory listings?
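The ping form in this exercise hands whatever is typed to a command line, which is why “server | dir” produced a directory listing alongside the ping. As an added example (not DVWA's code and not from the lab book), this Python code contrasts that pattern with input validation and a shell-free call; the function names and the 1500-byte cap are assumptions made for the example.

```python
import ipaddress
import subprocess

MAX_SIZE = 1500  # assumed policy cap for this example, not a DVWA setting


def unsafe_command_line(target: str) -> str:
    """The flawed pattern: user input concatenated into one command string.
    A shell would treat '|' as a pipe. Built for contrast only, never executed."""
    return "ping " + target


def safe_ping_argv(target: str, size: int = 32) -> list[str]:
    """Accept only a literal IPv4 address and return an argument vector.
    Raises ValueError for anything else, including 'server | dir'."""
    addr = ipaddress.IPv4Address(target.strip())
    if not 1 <= size <= MAX_SIZE:
        raise ValueError("buffer size out of range")
    # Each list element is one argument. No shell parses it, so
    # characters such as | & ; carry no special meaning.
    return ["ping", "-l", str(size), str(addr)]


def run_ping(target: str, size: int = 32) -> str:
    """Run ping with the validated arguments and return its output."""
    argv = safe_ping_argv(target, size)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=30, shell=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample inputs, including the one used in the exercise.
    for sample in ["127.0.0.1", "server | dir", "127.0.0.1 | dir"]:
        print("unsafe string:", repr(unsafe_command_line(sample)))
        try:
            print("  safe argv:  ", safe_ping_argv(sample, 800))
        except ValueError as err:
            print("  rejected:   ", err)
```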
Exercise four: Exploiting a SQL injection Vulnerability
While working on this website I noticed that, when entering the commands given to us from the lab book, this worked like a database.
Entering the 1′ command into the textbox gave me back admin information.
Exercise five: Exploiting a Cross Site Scripting Vulnerability
This part of the lab worked like executable scripting.