Repository: digininja/DVWA
Branch: master
Commit: 33e364c556e9
Files: 233
Total size: 910.8 KB

Directory structure:
gitextract_f6hea358/

├── .dockerignore
├── .gitattributes
├── .github/
│   ├── FUNDING.yml
│   ├── ISSUE_TEMPLATE/
│   │   ├── bug-report---installation.md
│   │   ├── bug-report---vulnerability.md
│   │   └── i-m-stuck.md
│   └── workflows/
│       ├── codeql-analysis.yml
│       ├── docker-image.yml
│       ├── pytest.yml
│       ├── shiftleft-analysis.yml
│       └── vulnerable.yml
├── .gitignore
├── CHANGELOG.md
├── COPYING.txt
├── Dockerfile
├── README.ar.md
├── README.es.md
├── README.fa.md
├── README.fr.md
├── README.id.md
├── README.it.md
├── README.ko.md
├── README.md
├── README.pl.md
├── README.pt.md
├── README.ru.md
├── README.tr.md
├── README.uk.md
├── README.vi.md
├── README.zh.md
├── SECURITY.md
├── about.php
├── compose.yml
├── config/
│   └── config.inc.php.dist
├── database/
│   ├── bac_setup.sql
│   ├── create_mssql_db.sql
│   ├── create_oracle_db.sql
│   ├── create_postgresql_db.sql
│   ├── create_sqlite_db.sql
│   └── sqli.db.dist
├── docs/
│   └── pdf.html
├── dvwa/
│   ├── css/
│   │   ├── help.css
│   │   ├── login.css
│   │   ├── main.css
│   │   └── source.css
│   ├── includes/
│   │   ├── DBMS/
│   │   │   ├── MySQL.php
│   │   │   └── PGSQL.php
│   │   ├── Parsedown.php
│   │   └── dvwaPage.inc.php
│   └── js/
│       ├── add_event_listeners.js
│       └── dvwaPage.js
├── external/
│   └── recaptcha/
│       └── recaptchalib.php
├── hackable/
│   └── flags/
│       └── fi.php
├── index.php
├── instructions.php
├── login.php
├── logout.php
├── php.ini
├── phpinfo.php
├── robots.txt
├── security.php
├── security.txt
├── setup.php
├── tests/
│   ├── README.md
│   └── test_url.py
└── vulnerabilities/
    ├── api/
    │   ├── .htaccess
    │   ├── README.md
    │   ├── bootstrap.php
    │   ├── composer.json
    │   ├── gen_openapi.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── openapi.yml
    │   ├── public/
    │   │   └── index.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── src/
    │       ├── GenericController.php
    │       ├── HealthController.php
    │       ├── Helpers.php
    │       ├── Login.php
    │       ├── LoginController.php
    │       ├── Order.php
    │       ├── OrderController.php
    │       ├── Token.php
    │       ├── User.php
    │       └── UserController.php
    ├── authbypass/
    │   ├── authbypass.js
    │   ├── change_user_details.php
    │   ├── get_user_data.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── bac/
    │   ├── README.md
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── log_viewer.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.php
    │       └── view_source.php
    ├── brute/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── captcha/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── cryptography/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── check_token_high.php
    │       ├── check_token_impossible.php
    │       ├── download_ecb_attack.php
    │       ├── download_oracle_attack.php
    │       ├── ecb_attack.php
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.php
    │       ├── oracle_attack.php
    │       ├── token_library_high.php
    │       ├── token_library_impossible.php
    │       └── xor_theory.php
    ├── csp/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.js
    │       ├── high.php
    │       ├── impossible.js
    │       ├── impossible.php
    │       ├── jsonp.php
    │       ├── jsonp_impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── csrf/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── test_credentials.php
    ├── exec/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── fi/
    │   ├── file1.php
    │   ├── file2.php
    │   ├── file3.php
    │   ├── file4.php
    │   ├── help/
    │   │   └── help.php
    │   ├── include.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── help.css
    ├── help.js
    ├── javascript/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.js
    │       ├── high.php
    │       ├── high_unobfuscated.js
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.js
    │       └── medium.php
    ├── open_redirect/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── info.php
    │       ├── low.php
    │       └── medium.php
    ├── sqli/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── session-input.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── test.php
    ├── sqli_blind/
    │   ├── cookie-input.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── upload/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── view_help.php
    ├── view_source.php
    ├── view_source_all.php
    ├── weak_id/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── xss_d/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── xss_r/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    └── xss_s/
        ├── help/
        │   └── help.php
        ├── index.php
        └── source/
            ├── high.php
            ├── impossible.php
            ├── low.php
            └── medium.php

================================================
FILE CONTENTS
================================================

================================================
FILE: .dockerignore
================================================
# Keeps repository metadata, CI definitions and the build files themselves out
# of the Docker build context: a smaller context, and no .git history or
# workflow files ending up in image layers.
**/.git
**/.gitignore
**/.github
**/Dockerfile*
**/.dockerignore
**/compose.yml
# NOTE(review): config/config.inc.php (and its .bak) is deliberately kept out
# of git (see .gitignore) because it is the populated local configuration, but
# nothing here keeps it out of the build context. If the Dockerfile (not shown
# on this page) copies the whole tree, a locally edited config -- database
# credentials included -- would be baked into the image. Confirm, and consider
# listing it here if the image is meant to start from config.inc.php.dist.


================================================
FILE: .gitattributes
================================================
# Auto detect text files and perform LF normalization
* text=auto

#
# The above will handle all files NOT found below
#

# Documents
*.pdf diff=astextplain
*.PDF diff=astextplain
*.md text diff=markdown

# Graphics
*.png binary
*.jpg binary
*.jpeg binary
*.ico binary

# Databases (SQLite files; never line-ending normalised)
*.db binary

# Text files where line endings should be preserved
*.patch -text

#
# Exclude files from exporting
#

.gitattributes export-ignore
.gitignore export-ignore
.gitkeep export-ignore


================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms

github: digininja
custom: https://digi.ninja


================================================
FILE: .github/ISSUE_TEMPLATE/bug-report---installation.md
================================================
---
name: Bug report - Installation
about: Create a report about installation issues
title: ''
labels: ''
assignees: ''

---

Before you raise a bug, please make sure you have fully read the README, especially if your bug relates to configuring the database.

Issues will be closed if the answer is in the README and no obvious attempts have been made to follow it.

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
What have you installed, what are you running when you get the error...

Steps to reproduce the behaviour:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Logs**
Include the last five lines of the Apache log file from directly after the problem happened.

**Expected behaviour**
A clear and concise description of what you expected to happen.

**What have you done to help fix the issue yourself?**
What have you tried, what research have you done, what changes have you made.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**System (please complete the following information):**
 - OS: [e.g. Windows, Ubuntu]
 - Database and Version [e.g. MySQL, MariaDB, 10.5.12-MariaDB]
 - PHP Version [e.g. 7.4.25]
 - Installed PHP modules

**Additional context**
Add any other context about the problem here.


================================================
FILE: .github/ISSUE_TEMPLATE/bug-report---vulnerability.md
================================================
---
name: Bug report - Vulnerability
about: Create a report about a bug in one of the vulnerability modules
title: ''
labels: ''
assignees: ''

---

Before you raise a bug, please make sure you have fully read the README, especially if your bug relates to configuring the database.

Issues will be closed if the answer is in the README and no obvious attempts have been made to follow it.

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.

**Describe the bug**
A clear and concise description of what the bug is. 

**To Reproduce**
Steps to reproduce the behaviour:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behaviour**
A clear and concise description of what you expected to happen.

**What have you done to help fix the issue yourself?**
What have you tried, what research have you done, what changes have you made.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**System (please complete the following information):**
 - DVWA installation OS [e.g. Windows, Ubuntu]
 - Database and Version [e.g. MySQL, MariaDB, 10.5.12-MariaDB]
 - PHP Version [e.g. 7.4.25]

**Browser/Proxy (please complete the following information):**
 - OS - The one you are running the browser in: [e.g. Windows 10]
 - Browser [e.g. Chrome, Firefox]
 - Proxy [e.g. Burp, ZAP]

**Additional context**
Add any other context about the problem here.


================================================
FILE: .github/ISSUE_TEMPLATE/i-m-stuck.md
================================================
---
name: I'm Stuck
about: When you are stuck exploiting a vulnerability
title: ''
labels: 'stuck'
assignees: ''

---

Questions here may or may not be answered depending on the state of the question, to increase your chance, read this before asking [Asking For Technical Help](https://digi.ninja/blog/asking_for_help.php).

Basically, the more details you give, the more chance of getting an answer. We need at least:

- Where did you get DVWA from?
- What OS are you installing it on?
- Last five lines from the web server access and error log from the time the error occurred if you got that far.
- The error you got when you got stuck.
- Any previous errors.
- What you have tried to do yourself to fix the problem.

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.


================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
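# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# NOTE(review): DVWA is predominantly PHP (see the dvwa/ and vulnerabilities/
# trees), but only JavaScript and Python are analysed below. PHP is not in the
# CodeQL language list, so the intentionally vulnerable PHP is not covered by
# this job -- do not read a green CodeQL run as a statement about the PHP code.
name: "CodeQL"

on:
  push:
    branches: 
      - master
  pull_request:
    # The branches below must be a subset of the branches above
    branches: 
      - master
  schedule:
    - cron: '0 15 * * 3'

# Least privilege for GITHUB_TOKEN. Uploading results to the code-scanning
# dashboard needs security-events: write; when the repository's default token
# permissions are read-only, the analyze step fails without this block.
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        # Override automatic language detection by changing the below list.
        # The set of supported languages has grown since this template was
        # written; check the CodeQL documentation for the current list rather
        # than relying on the one that used to be quoted here.
        language:
          - 'javascript'
          - 'python'
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    # Supply-chain note: the third-party actions below are pinned to version
    # tags. Tags are mutable; pinning to the full commit SHA (with the tag kept
    # in a trailing comment) is the hardened form. Left as tags here rather
    # than guessing at SHAs.
    - name: Checkout repository
      uses: actions/checkout@v6.0.2
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v4.33.0
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # For the interpreted languages selected above it does no real work and
    # could be dropped; it is kept so the template is unchanged if a compiled
    # language is added to the matrix later.
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v4.33.0

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language

    #- run: |
    #   make bootstrap
    #   make release

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v4.33.0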


================================================
FILE: .github/workflows/docker-image.yml
================================================
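name: Docker Image CI

on:
  workflow_dispatch:
  push:
    branches:
      - master

# Least privilege for GITHUB_TOKEN: the job only reads the checkout and pushes
# to GitHub Container Registry. Without this block the token carries whatever
# the repository's default (possibly write-all) permissions are.
permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6.0.2

    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Login to GitHub Container Registry
      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    # Derives the image name and tags, then builds and pushes a multi-arch
    # image. The script reads the runner's default GITHUB_* environment
    # variables instead of interpolating ${{ github.* }} expressions into the
    # shell text: expression interpolation inside `run` is the GitHub Actions
    # script-injection anti-pattern, while env vars stay data. With the
    # triggers above the ref is refs/heads/master on push; a workflow_dispatch
    # run may select a tag, which is the case the refs/tags/ branch handles.
    - name : Build and push multi-arch DVWA image
      run: |
        IMAGE_ID="ghcr.io/${GITHUB_REPOSITORY_OWNER}/dvwa"
        # ghcr.io image names must be lower case; the owner name may not be.
        IMAGE_ID=$(echo "$IMAGE_ID" | tr '[A-Z]' '[a-z]')

        # Last path component of the ref: the branch name or the tag name.
        VERSION=${GITHUB_REF##*/}
        if [[ "$GITHUB_REF" == refs/tags/* ]]; then
          # Strip one leading "v" from tag names (v1.2 -> 1.2).
          VERSION=${VERSION#v}
        fi
        if [[ "$VERSION" == master ]]; then
          VERSION=latest
        fi
        # Short commit id, used as a second, immutable tag.
        COMMIT=${GITHUB_SHA:0:7}

        echo "IMAGE_ID=$IMAGE_ID"
        echo "VERSION=$VERSION"
        echo "COMMIT=$COMMIT"

        docker buildx build --platform linux/amd64,linux/arm64 \
              --tag "$IMAGE_ID:$VERSION" \
              --tag "$IMAGE_ID:$COMMIT" \
              --push .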



================================================
FILE: .github/workflows/pytest.yml
================================================
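name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
  schedule:
    # Every Sunday at 0AM UTC
    - cron: "0 0 * * 0"

# The test job only needs to read the checkout. Restricting GITHUB_TOKEN means
# that whatever pip pulls in below cannot use the token that actions/checkout
# leaves in .git/config (persist-credentials defaults to true) to write to the
# repository.
permissions:
  contents: read

jobs:
  Pytest:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v6.0.2
        with:
          # Full history. NOTE(review): tests/test_url.py is not shown on this
          # page; if it only walks the working tree, the default shallow clone
          # would do and is faster -- confirm before changing.
          fetch-depth: 0

      - name: Install and Run Pytest
        # SETUPTOOLS_USE_DISTUTILS=stdlib works around the setuptools/distutils
        # shim on the runner's Python -- presumably needed by pip itself rather
        # than by DVWA's tests; confirm it is still required.
        # Supply-chain note: pytest is installed unpinned, so every run takes
        # whatever PyPI serves as latest. Pinning (pytest==X.Y.Z, or a
        # requirements file with hashes) makes the job reproducible.
        run: |
          export SETUPTOOLS_USE_DISTUTILS=stdlib
          pip3 install pytest
          python3 -m pytest -s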


================================================
FILE: .github/workflows/shiftleft-analysis.yml
================================================
# This workflow integrates Scan with GitHub's code scanning feature
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
# Visit https://slscan.io/en/latest/integrations/code-scan for help
name: SL Scan

# This section configures the trigger for the workflow. Feel free to customize depending on your convention
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

jobs:
  Scan-Build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6.0.2
      with:
        fetch-depth: 0

    - name: Perform Scan
      uses: ShiftLeftSecurity/scan-action@v1.3.0
      env:
        WORKSPACE: ""
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SCAN_AUTO_BUILD: true
      with:
        output: reports

    - name: Upload report
      uses: github/codeql-action/upload-sarif@v4.33.0
      with:
        sarif_file: reports


================================================
FILE: .github/workflows/vulnerable.yml
================================================
# INTENTIONALLY VULNERABLE -- this workflow is part of DVWA's teaching
# material, not a CI job. It demonstrates two things about GitHub Actions:
#   1. a `run` step is a full shell on the runner (the listing job below), and
#   2. secret masking in the job log is string-based, so re-encoding a secret
#      (base64 in the second job) prints it in the clear.
# It runs on every push to master. If you fork this repository, delete this
# file or make sure the fork has no real secrets or variables configured,
# because everything in `secrets` and `vars` is written to the job log.
name: Vulnerable Action

on:
  push:
    branches:
      - master

jobs:
  run_commands:
    name: Run Linux Commands
    runs-on: ubuntu-latest
    steps:
      # What an attacker who can edit a workflow (or inject into a `run` step)
      # gets: a shell as the runner user with the runner's filesystem.
      - name: Directory Listing
        run: |
          ls -al
          ls /
          pwd
          id
          cat /etc/passwd
          
  get_secrets:
    name: Get Some Secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
          
      # `toJSON(secrets)` expands to every secret this job can see and
      # `toJSON(vars)` to every configuration variable. Variables are not
      # masked at all; secrets are masked only where they appear verbatim in
      # the output, which the base64 lines in the script defeat.
      - name: Get Secret
        env:
          ALLMYSECRETS: ${{ toJSON(secrets) }}
          ALLMYVARS: ${{ toJSON(vars) }}
          SUPER_SECRET: ${{ secrets.DVWA_SECRET_KEY }}
        run: |
          # This will just show ***
          echo "$SUPER_SECRET"

          # This will put the secret into a file and then display the file, but that
          # will still only show ***
          echo "$SUPER_SECRET" > secret_file
          cat secret_file

          # This will try to show all the secrets, but will show *** instead
          echo "$ALLMYSECRETS"

          # This will show the variables, because variables are public
          echo "$ALLMYVARS"

          # This will show a base64 encoded version of the one secret.
          # Github doesn't recognise this so will allow it to be shown
          echo "$SUPER_SECRET" | base64

          # Same for all the tokens.
          echo "$ALLMYSECRETS" | base64


================================================
FILE: .gitignore
================================================
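# Neither the config file nor its backup should go into the repo:
# config/config.inc.php is the locally edited copy of config.inc.php.dist
# and holds this deployment's settings, database credentials included.
config/config.inc.php.bak
config/config.inc.php

# Vim swap files
.*swp

# VS Code editor files
*.code-workspace

# Used by pytest
tests/__pycache__/

# Don't include any uploaded images.
# NOTE(review): this ignores the directory's contents, and hackable/uploads/
# itself is not in the repository tree, so a fresh checkout has no upload
# directory until something creates it -- presumably the installer or the
# Dockerfile; confirm.
hackable/uploads/*

# macOS Finder metadata (listed once; the duplicate entry was a no-op)
.DS_Store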


================================================
FILE: CHANGELOG.md
================================================
DAMN VULNERABLE WEB APPLICATION
=======================

v1.10 (*Not Yet Released)
======

+ Improved IIS support. (@g0tmi1k)
+ Improved setup system check. (@g0tmi1k)

v1.9 (2015-10-05)
======

+ Added a dedicated objective (or "flag") for file include. (@g0tmi1k)
+ Added a warning to any module that requires a certain configuration. (@g0tmi1k)
+ Added comments to all source code that would be visible via DVWA modules. (@g0tmi1k)
+ Added CSRF token to pre-auth forms (login/setup/security pages). (@g0tmi1k + @Shinkurt)
+ Added HttpOnly cookie flag on impossible levels. (@g0tmi1k)
+ Added more detail to the documentation. (@g0tmi1k)
+ Added PDO to all impossible levels requiring MySQL. (@g0tmi1k)
+ Added PHPIDS options into the config file. (@g0tmi1k)
+ Added system check to setup. (@g0tmi1k)
+ Added various information to all help pages for every module. (@g0tmi1k)
+ Changed brute force medium to be harder due to sleep. (@g0tmi1k)
+ Changed file include landing page + added 3x example pages. (@g0tmi1k)
+ Changed file include medium to be harder due to more filters. (@g0tmi1k)
+ Changed HTTP REFERER check for medium level CSRF. (@g0tmi1k)
+ Changed input box for medium level with SQLi + SQLi Blind. (@g0tmi1k)
+ Changed SQLi + SQLi Blind to be $_POST rather than $_GET. (@g0tmi1k)
+ Changed SQLi Blind to be a real example of the vulnerability. (@g0tmi1k)
+ Fixed brute force and file upload impossible levels, as they were vulnerable. (@g0tmi1k + @Shinkurt)
+ Fixed bug with file include page not loading. (@g0tmi1k)
+ Fixed CAPTCHA bug to read URL parameters on impossible. (@g0tmi1k)
+ Fixed CAPTCHA bug where the form wouldn't be visible. (@g0tmi1k)
+ Fixed CAPTCHA bug where the URL parameters were not being used for low + medium. (@g0tmi1k)
+ Fixed CSRF medium level bug when not on localhost. (@g0tmi1k)
+ Fixed setup bug with custom URL path. (@g0tmi1k)
+ Removed PostgreSQL DB support. (@g0tmi1k)
+ Renamed 'Command Execution' to 'Command Injection'. (@g0tmi1k)
+ Renamed 'high' level to 'impossible' and created new vectors for 'high'. (@g0tmi1k)
+ Updated README and documentation. (@g0tmi1k)
+ Various code cleanups in the core PHP files + CSS. (@g0tmi1k)
+ Various setup improvements (e.g. redirection + limited menu links). (@g0tmi1k)

v1.8 (2013-05-01)
======

+ Versioning change: Version numbers now follow Major.Minor (e.g. v1.8) removing the middle digit.
+ Moved default security level setting to the config file.
+ Fixed a bug which prevented setup when a database name other than 'dvwa' was used.
+ Added a logic challenge involving an insecure CAPTCHA (requires external internet access)

v1.0.7 (2010-09-08)
======

+ Re-designed the login page + made some other slight cosmetic changes. 06/06/2010 (@ethicalhack3r)
+ Started PostgreSQL implementation. 15/03/2010 (@ethicalhack3r)
+ A few small cosmetic changes. 15/03/2010 (@ethicalhack3r)
+ Improved the help information and look. 15/03/2010 (@ethicalhack3r)
+ Fixed a few bugs thanks to @Digininja. 15/03/2010 (@ethicalhack3r)
+ Show logged in username. 05/02/2010 (Jason Jones)
+ Added new info on RandomStorm. 04/02/2010 (@ethicalhack3r)
+ Added 'SQL Injection (Blind)'. 04/02/2010 (@ethicalhack3r)
+ Added official documentation. 21/11/2009 (@ethicalhack3r)
+ Implemented view all source functionality. 16/10/2009 (tmacuk, craig, @ethicalhack3r)

v1.0.6 (2009-10-05)
======

+ Fixed a bug where the logo would not show on first time use. 03/09/2009 (@ethicalhack3r)
+ Removed 'current password' input box for low+med CSRF security. 03/09/2009 (@ethicalhack3r)
+ Added an article which was written for OWASP Turkey. 03/10/2009 (@ethicalhack3r)
+ Added more troubleshooting information. 02/10/2009 (@ethicalhack3r)
+ Stored XSS high now sanitises output. 02/10/2009 (@ethicalhack3r)
+ Fixed a 'bug' in XSS stored low which made it not vulnerable. 02/10/2009 (@ethicalhack3r)
+ Rewritten command execution high to use a whitelist. 30/09/09 (@ethicalhack3r)
+ Fixed a command execution vulnerability in exec high. 17/09/09 (@ethicalhack3r)
+ Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (@ethicalhack3r)
+ Added the upload directory to the upload help. 17/09/09 (@ethicalhack3r)

v1.0.5 (2009-09-03)
======

+ Made IE friendly as much as possible. 30/08/2009 (@ethicalhack3r)
+ Removed the acunetix scan report. 30/08/2009 (@ethicalhack3r)
+ Added 'Clear Log' button to PHPIDS parser. 27/08/2009 (@ethicalhack3r)
+ Implemented PHPIDS log parser. 27/08/2009 (@ethicalhack3r)
+ Implemented Stored XSS vulnerability. 27/08/2009 (@ethicalhack3r)
+ Added htaccess rule for localhost access only. 22/08/2009 (@ethicalhack3r)
+ Added CSRF. 01/08/2009 (@ethicalhack3r)
+ Implemented sessions/login. 01/08/2009 (@ethicalhack3r)
+ Complete recode. (jamesr)
+ Complete redesign. (jamesr)
+ Delimited 'dvwa' in session- minimising the risk of clash with other projects running on localhost. 01/08/2009 (jamesr)
+ Integrated PHPIDS v0.6. 01/08/2009 (jamesr)
+ Streamlined login functionality. 01/08/2009 (jamesr)

v1.0.4 (2009-06-29)
======

+ Added acunetix scan report. 24/06/2009
+ All links use http://hiderefer.com to hide referrer header. 23/06/2009
+ Updated/added 'more info' links. 23/06/2009
+ Moved change log info to CHANGELOG.txt. 22/06/2009
+ Fixed the exec.php UTF-8 output. 16/06/2009
+ Moved Help/View source buttons to footer. 12/06/2009
+ Fixed phpInfo bug. 12/06/2009
+ Made dvwa IE friendly. 11/06/2009
+ Fixed html bugs. 11/06/2009
+ Added more info to about page. 03/06/2009
+ Added pictures for the users. 03/06/2009
+ Fixed typos on the welcome page. 03/06/2009
+ Improved README.txt and fixed typos. 03/06/2009
+ Made SQL injection possible in sqli_med.php. Thanks to Teodor Lupan. 03/06/2009

v1.0.3 (2009-05-25)
======

+ Changed XAMPP link in index.php. 25/05/2009
+ Set default security to low. 25/05/2009
+ Improved output in setup.php. 25/05/2009

v1.0.2 (2009-05-24)
======

+ Removed phpinfo on higher security levels. 24/05/2009
+ Moved all vulnerable code to /source/. 24/05/2009
+ Added viewsource. 24/05/2009

v1.0.1 (2009-05-24)
======

+ Implemented different security levels. 24/05/2009
+ Changed XSS from POST to GET. 22/05/2009
+ Some changes to CSS. 22/05/2009
+ Version number now in variable in header.php. 21/05/2009
+ Added about page. 21/05/2009
+ Updated login script to use database. 21/05/2009
+ Added admin user to database. 21/05/2009
+ Combined RFI + LFI to make 'File Inclusion'. 21/05/2009
+ More realism to Local File Inclusion. 21/05/2009
+ Better error output on upload script. 21/05/2009

v1.0 (2009-05-20)
====

+ Made command execution more realistic. 20/05/2009
+ Added help buttons. 20/05/2009
+ Added .htaccess file to turn magic quotes off. 20/05/2009
+ Improved database creation with setup.php. 19/05/2009
+ Amended installation instructions in README file. 19/05/2009
+ Added GNU GPL license. 19/05/2009
+ Added a robots.txt file with disallow all. 26/01/2009
+ Removed link to www.ethicalhacker.co.uk in footer. 26/01/2009
+ Added better error output on magic quotes. 26/01/2009


Links
=====

+ Homepage: http://www.dvwa.co.uk

_Created by the DVWA team._


================================================
FILE: COPYING.txt
================================================
                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The GNU General Public License is a free, copyleft license for
software and other kinds of works.

  The licenses for most software and other practical works are designed
to take away your freedom to share and change the works.  By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

  To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received.  You must make sure that they, too, receive
or can get the source code.  And you must show them these terms so they
know their rights.

  Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.

  For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

  Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

  Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary.  To prevent this, the GPL assures that
patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
modification follow.

                       TERMS AND CONDITIONS

  0. Definitions.

  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.

  "The Program" refers to any copyrightable work licensed under this
License.  Each licensee is addressed as "you".  "Licensees" and
"recipients" may be individuals or organizations.

  To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy.  The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.

  A "covered work" means either the unmodified Program or a work based
on the Program.

  To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy.  Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.

  To "convey" a work means any kind of propagation that enables other
parties to make or receive copies.  Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.

  An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License.  If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.

  1. Source Code.

  The "source code" for a work means the preferred form of the work
for making modifications to it.  "Object code" means any non-source
form of a work.

  A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.

  The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.

  The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities.  However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work.  For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

  The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.

  The Corresponding Source for a work in source code form is that
same work.

  2. Basic Permissions.

  All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met.  This License explicitly affirms your unlimited
permission to run the unmodified Program.  The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work.  This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.

  You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force.  You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright.  Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

  Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary.

  3. Protecting Users' Legal Rights From Anti-Circumvention Law.

  No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.

  When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.

  4. Conveying Verbatim Copies.

  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.

  You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.

  5. Conveying Modified Source Versions.

  You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:

    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.

    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".

    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.

    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.

  A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit.  Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.

  6. Conveying Non-Source Forms.

  You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:

    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.

    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.

    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.

    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.

    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.

  A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.

  A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.  In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage.  For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product.  A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.

  "Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source.  The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.

  If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information.  But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).

  The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed.  Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.

  Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law.  If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.

  Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:

    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or

    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or

    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or

    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or

    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or

    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.

  All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10.  If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term.  If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.

  If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.

  Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.

  8. Termination.

  You may not propagate or modify a covered work except as expressly
provided under this License.  Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).

  However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.

  Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.

  Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License.  If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.

  9. Acceptance Not Required for Having Copies.

  You are not required to accept this License in order to receive or
run a copy of the Program.  Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance.  However,
nothing other than this License grants you permission to propagate or
modify any covered work.  These actions infringe copyright if you do
not accept this License.  Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.

  10. Automatic Licensing of Downstream Recipients.

  Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License.  You are not responsible
for enforcing compliance by third parties with this License.

  An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations.  If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.

  You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License.  For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.

  11. Patents.

  A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based.  The
work thus licensed is called the contributor's "contributor version".

  A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version.  For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.

  Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.

  In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement).  To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.

  If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients.  "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.

  If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.

  A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License.  You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.

  Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.

  12. No Surrender of Others' Freedom.

  If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all.  For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.

  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work.  The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

  Each version is given a distinguishing version number.  If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation.  If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.

  Later license versions may give you additional or different
permissions.  However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.

  15. Disclaimer of Warranty.

  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

  16. Limitation of Liability.

  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

  17. Interpretation of Sections 15 and 16.

  If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.

                     END OF TERMS AND CONDITIONS

            

================================================
FILE: Dockerfile
================================================
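FROM docker.io/library/php:8-apache
# NOTE(review): `php:8-apache` and `composer:latest` (below) are floating tags,
# so two builds can resolve to different images. Pin by digest
# (`image@sha256:<DIGEST_PLACEHOLDER>`) when a reproducible build is required.

LABEL org.opencontainers.image.source=https://github.com/digininja/DVWA
LABEL org.opencontainers.image.description="DVWA pre-built image."
LABEL org.opencontainers.image.licenses="gpl-3.0"

WORKDIR /var/www/html

# Build dependencies for the gd extension, plus the database extensions.
# https://www.php.net/manual/en/image.installation.php
RUN apt-get update \
 && export DEBIAN_FRONTEND=noninteractive \
 && apt-get install -y zlib1g-dev libpng-dev libjpeg-dev libfreetype6-dev iputils-ping git \
 && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
 && docker-php-ext-configure gd --with-jpeg --with-freetype \
 && a2enmod rewrite \
 # Use pdo_sqlite instead of pdo_mysql if you want to use sqlite
 && docker-php-ext-install gd mysqli pdo pdo_mysql

# Composer is only needed for the API dependency install in the final RUN.
COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer
# The whole checkout is copied as www-data; the repository's .dockerignore
# decides what is left out, so review it when adding files to the tree.
COPY --chown=www-data:www-data . .
# The shipped template becomes the live config file inside the image.
COPY --chown=www-data:www-data config/config.inc.php.dist config/config.inc.php

# Install the API's composer dependencies.
# The original ended this RUN with a dangling "\" continuation followed by
# blank lines, which Docker reports as an empty continuation line (deprecated,
# scheduled to become an error); the command now terminates cleanly.
RUN cd /var/www/html/vulnerabilities/api \
 && composer install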


================================================
FILE: README.ar.md
================================================
# DAMN VULNERABLE WEB APPLICATION

إن  Damn Vulnerable Web Application (DVWA) هو تطبيق ويب تم إضعافه عمداً ومصمم بـ PHP / MySQL. الهدف الرئيسي هو مساعدة مختصي أمن المعلومات وذلك باختبار مهاراتهم وأدواتهم في بيئة تشبه البيئة الحقيقية، ومساعدة مطوري الويب على فهم طرق تأمين تطبيقات الويب بشكل أفضل ومساعدة كل من الطلاب والمدرسين في التعرف على أمان تطبيقات الويب في بيئة محكمة.

الهدف من DVWA هو **التدرب على بعض نقاط الضعف على الويب الأكثر شيوعًا** ، ضمن **مستويات مختلفة من الصعوبة** ، بواجهة بسيطة ومباشرة.
يرجى ملاحظة أن هناك **ثغرات موثقة وغير موثقة** في هذا التطبيق، وهذا إجراء متعمد. نحن نشجع على محاولة اكتشاف أكبر عدد ممكن من المشكلات.
- - -

## تحذير!

إن  Damn Vulnerable Web Application (DVWA) ضعيف للغاية أمنياً! **لا تضعه في مجلد html العام في الاستضافة الخاصة بك أو الخوادم التي تعمل على الانترنت** ، إذ أنه سيتم اختراقها. يُوصى باستخدام كيان افتراضي (مثل [VirtualBox](https://www.virtualbox.org/) أو [VMware](https://www.vmware.com/)) ، ويتم تعيينه على وضع شبكة NAT، يمكنك تنزيل وتثبيت [XAMPP](https://www.apachefriends.org/) لخادم الويب وقاعدة البيانات.


### إخلاء مسؤولية

نحن لا نتحمل مسؤولية الطريقة التي يستخدم بها أي شخص هذا التطبيق (DVWA). إذ أننا أوضحنا أغراض التطبيق ولا ينبغي استخدامه بشكل ضار. لقد أصدرنا تحذيرات واتخذنا تدابير لمنع المستخدمين من تثبيت DVWA على خوادم الويب الحقيقية. إذا تم اختراق خادم الويب الخاص بك عن طريق تثبيت DVWA ، فهذه ليست مسؤوليتنا ، بل تقع على عاتق الشخص / الأشخاص الذين قاموا بتحميله وتثبيته.

- - -

## ترخيص

هذا الملف جزء من Damn Vulnerable Web Application (DVWA).

يعد تطبيق Damn Vulnerable Web Application (DVWA) برنامجًا مجانيًا: يمكنك إعادة توزيعه و / أو تعديله
بموجب شروط   GNU General Public License  كما تم نشرها بواسطة
Free Software Foundation ، إما الإصدار 3 من الترخيص ، أو 
(حسب اختيارك) أي إصدار لاحق.

يتم توزيع Damn Vulnerable Web Application (DVWA) لتحقيق الفائدة ، 
ولكن دون أي ضمان ؛ حتى بدون الضمان الضمني لـ 
القابلية للتسويق أو الملاءمة لغرض معين. يرجى الاطلاع على 
ترخيص  GNU General Public License لمزيد من التفاصيل.


يجب أن تكون قد تلقيت نسخة من ترخيص    GNU General Public License 
مع   Damn Vulnerable Web Application (DVWA)، إذا لم تتلقى هذه الرخصة، يرجى الاطلاع  على   <https://www.gnu.org/licenses/>.

- - -

## الترجمة

هذا الملف متوفر بعدة لغات:

- الصينية: [简体中文](README.zh.md)
- التركية: [Türkçe](README.tr.md)
- العربية: [العربية](README.ar.md)

إذا كنت ترغب في المساهمة في ترجمة ، يرجى تقديم  PR . ولا يعني ذلك مجرد استخدام خدمة الترجمة من Google وإرسال المساهمة ، إذ أنه سيتم رفضها.

- - -

## التحميل

توجد إصدارات مختلفة من DVWA حولها ، والإصدار الوحيد المدعوم هو أحدث مصدر من مستودع GitHub الرسمي. يمكنك إما سحب نسخة clone من الريبو Repo:

```
git clone https://github.com/digininja/DVWA.git
```

أو  [تحميل ملف ZIP للملفات](https://github.com/digininja/DVWA/archive/master.zip).

- - -

## التثبيت

**يرجى التأكد من وجود ملف config / config.inc.php الخاص بك. إن وجود ملف config.inc.php.dist بمفرده لن يكون كافيًا ويجب عليك تعديله ليلائم بيئتك وإعادة تسميته إلى config.inc.php ، قد يخفي Windows امتدادات الملفات، يجب عليك إظهارها لتعديل امتداد الملف.](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)**

### فيديو التثبيت

- [تثبيت Damn Vulnerable Web Application (DVWA)  على نظام التشغيل Windows 10 ](https://www.youtube.com/watch?v=cak2lQvBRAo) [12:39 دقيقة]

### تثبيت Windows + XAMPP

أسهل طريقة لتثبيت DVWA هي تحميل [XAMPP](https://www.apachefriends.org/) وتثبيته إذا لم يكن لديك خادم ويب جاهز ومعد مسبقاً.

يعد XAMPP  وسيلة سهلة لتثبيت Apache Distribution في أنظمة Linux و Solaris و Windows و Mac OS X. تتضمن الحزمة خادم الويب Apache و MySQL و PHP و Perl وخادم FTP و phpMyAdmin.

يمكن تحميل XAMPP من هنا:
<https://www.apachefriends.org/>

ببساطة قم بفك ضغط dvwa.zip ، ضع الملفات التي تم فك ضغطها في مجلد html العام ، ثم اطلب العنوان التالي من المتصفح: `http://127.0.0.1/dvwa/setup.php`

### حزم Linux
إذا كنت تستخدم توزيعة Linux مبنية على Debian ، فستحتاج إلى تثبيت الحزم التالية _ (أو ما يكافئها) _:

`apt-get -y install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php`

سيعمل الموقع مع MySQL بدلاً من MariaDB لكننا نوصي بشدة باستخدام MariaDB لأنه يعمل خارج الصندوق، سيتعين عليك إجراء تغييرات لتمكين  MySQL  من العمل بشكل صحيح.

### إعداد قاعدة البيانات

لإعداد قاعدة البيانات ، ما عليك سوى الضغط على الزر `Setup DVWA` في القائمة الرئيسية ، ثم الضغط على الزر `Create / Reset Database`. سيؤدي هذا إلى إنشاء / إعادة تعيين قاعدة البيانات وإضافة بعض البيانات.

إذا ظهر خطأ أثناء محاولة إنشاء قاعدة البيانات، فتأكد من صحة بيانات الدخول قاعدة البيانات (اسم المستخدم وكلمة المرور) في الملف `/config/config.inc.php` *وهذا الملف يختلف عن config.inc.php.dist والذي يعتبر مثال.*

تم ضبط قيم المتحولات التالية افتراضياً وفق ما يلي:

```php
$_DVWA[ 'db_server'] = '127.0.0.1';
$_DVWA[ 'db_port'] = '3306';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```

ملاحظة ، إذا كنت تستخدم MariaDB بدلاً من MySQL (يعد MariaDB افتراضيًا في Kali) ، فلا يمكنك استخدام root كمستخدم، يجب عليك إنشاء مستخدم قاعدة بيانات جديد. للقيام بذلك ، اتصل بقاعدة البيانات بصفتك المستخدم root، ونفذ الأوامر التالية:

```mysql
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)

mysql> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```

### تكوينات  أخرى

اعتمادًا على نظام التشغيل الخاص بك وإصدار PHP ، قد ترغب في تغيير التكوين الافتراضي default configuration. سيكون موقع الملفات مختلفًا حسب كل جهاز.

**سماحيات المجلد**:
* المسار `/hackable/uploads/` - يجب أن تستطيع خدمة الويب الكتابة على هذا الملف (لتنفيذ وظيفة تحميل الملف).
* المسار `/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - يجب أن تستطيع خدمة الويب الكتابة على هذا الملف (إذا كنت ترغب باستخدام PHPIDS).


**تكوين PHP**:
* الخيار `allow_url_include = on` - السماح بتضمين الملفات عن بعد  Remote File Inclusions (RFI)   [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
* الخيار `allow_url_fopen = on` -  السماح بتضمين الملفات عن بعد  Remote File Inclusions (RFI)    [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]
* الخيار `safe_mode = off` - (إذا كان إصدار PHP أقل من أو يساوي 5.4) السماح بحقن SQL  - SQL Injection (SQLi) [[safe_mode](https://secure.php.net/manual/en/features.safe-mode.php)]
* الخيار `magic_quotes_gpc = off` - (إذا كان إصدار PHP أقل من أو يساوي 5.4) السماح بحقن SQL  - SQL Injection (SQLi) [[magic_quotes_gpc](https://secure.php.net/manual/en/security.magicquotes.php)]
* الخيار `display_errors = off` - (اختياري)  إخفاء رسائل تحذير PHP لجعلها أقل إسهابًا  [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]

**الملف:  `config/config.inc.php`**:

* المتحولات `$_DVWA[ 'recaptcha_public_key' ]`  و`$_DVWA[ 'recaptcha_private_key' ]`  يجب توليد قيم هذه المتحولات وذلك من خلال:  https://www.google.com/recaptcha/admin/create

### بيانات الدخول الافتراضية

**اسم المستخدم الافتراضي  = `admin`**

**كلمة المرور الافتراضية  = `password`**

_...يمكن بسهولة تخمينها باستخدام هجوم Brute Force ;)_

رابط تسجيل الدخول : http://127.0.0.1/login.php

_ملاحظة: سيختلف الرابط في حال تثبيت DVWA في مسار مختلف._

- - -

## حاوية Docker

- يمكنك زيارة [dockerhub صفحة](https://hub.docker.com/r/vulnerables/web-dvwa/)
`docker run --rm -it -p 80:80 vulnerables/web-dvwa`

يرجى التأكد من أنك تستخدم aufs بسبب مشاكل MySQL السابقة. نفذ الأمر `docker info` للتحقق من storage driver. إذا لم يكن aufs ، يرجى تغييره على هذا النحو. هناك أدلة لكل نظام تشغيل حول كيفية القيام بذلك ، لكنها مختلفة تمامًا لذا لن نغطي ذلك هنا.

- - -

## استكشاف الأخطاء وإصلاحها

يفترض هذا أنك تستخدم توزيعة قائمة على Debian ، كـ Debian و Ubuntu و Kali. بالنسبة إلى التوزيعات الأخرى ، اتبع ذلك ، ولكن قم بتعديل الأمر عند الضرورة.

### الحصول على استجابة 404 عند تصفح الموقع

إذا كنت تواجه هذه المشكلة ، فأنت بحاجة إلى فهم مواقع الملفات. بشكل افتراضي ، جذر مستندات Apache (Apache document root  هو المكان الذي يبدأ فيه البحث عن محتوى الويب) هو  `/var/www/html/` إذا وضعت الملف `hello.txt` في هذا المجلد، يمكن الوصول إليه بطلب `http://localhost/hello.txt` من المتصفح.

إذا أنشأت مجلداً ووضعت الملف فيه - `/var/www/html/mydir/hello.txt` فيمكنك الوصول إلى الملف من خلال المتصفح بزيارة `http://localhost/mydir/hello.txt`.

يعتبر Linux بشكل افتراضي حساسًا لحالة الأحرف ، وبالتالي في المثال أعلاه ، إذا حاولت التصفح للوصول إلى أي من الروابط التالية، فستحصل على  `404 Not Found`:

- `http://localhost/MyDir/hello.txt`
- `http://localhost/mydir/Hello.txt`
- `http://localhost/MYDIR/hello.txt`

كيف يؤثر ذلك على DVWA؟ يستخدم معظم الأشخاص git للتحقق من DVWA في `/var/www/html` ، وهذا يمنحهم الدليل `/var/www/html/DVWA/` متضمنة جميع ملفات DVWA بداخله. ثم يقومون بطلب الرابط `http://localhost/`من المتصفح ويحصلون على 404 أو الصفحة الافتراضية في Apache. نظرًا لأن الملفات موجودة في مجلد DVWA ، يجب طلب `http://localhost/DVWA`.

الخطأ الشائع الآخر هو طلب الرابط `http://localhost/dvwa` والذي سيعطي `404` لأن `dvwa` ليس `DVWA` بسبب حساسية الأحرف في Linux.

لذلك بعد الإعداد ، إذا حاولت زيارة الموقع والحصول على "404" ، ففكر في المكان الذي قمت بتثبيت الملفات فيه ، وأين ترتبط بالمسار الأساسي ، وما هو اسم المجلد  الذي استخدمته.


### مشكلة "Access denied"

إذا رأيت ما يلي عند تشغيل البرنامج النصي للإعداد setup script ، فهذا يعني أن اسم المستخدم أو كلمة المرور في ملف التكوين لا يتطابقان مع تلك التي تم تكوينها في قاعدة البيانات:

```
Database Error #1045: Access denied for user 'notdvwa'@'localhost' (using password: YES).
```

يخبرك الخطأ أن اسم المستخدم هو `notdvwa`.

يشير الخطأ التالي إلى أنك وجهت ملف التكوين إلى قاعدة البيانات الخاطئة.

```
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
```

رسالة الخطأ توضح أنك تستخدم المستخدم `dvwa` وتحاول الاتصال بقاعدة البيانات `notdvwa`.

أول ما يجب القيام به هو التحقق مرة أخرى مما تعتقد أنك قد وضعته في ملف التكوين صحيح ومطابق للبيانات الفعلية.

إذا كان يتطابق مع ما تتوقعه ، فإن الشيء التالي الذي يجب فعله هو التحقق من أنه يمكنك تسجيل الدخول كمستخدم في محرر الأوامر command line. بافتراض أن لديك مستخدم قاعدة بيانات لـ `dvwa` وكلمة مرور هي `p@ssw0rd`، قم بتنفيذ الأمر التالي:

```
mysql -u dvwa -pp@ssw0rd -D dvwa
```

*ملاحظة: لا يوجد مسافة بعد  -p*

إذا ظهر الخرج التالي، فكلمة المرور صحيحة:

```
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```

نظرًا لأنه يمكنك الاتصال في سطر الأوامر ، فمن المحتمل أن يكون هناك خطأ ما في ملف التكوين ، تحقق مرة أخرى من ذلك ثم قم بإنشاء تذكرة للمشكلة إذا كنت لا تزال غير قادر على التشغيل.
إذا رأيت ما يلي ، فإن اسم المستخدم أو كلمة المرور التي تستخدمها غير صحيحة. كرر خطوات [إعداد قاعدة البيانات](#إعداد-قاعدة-البيانات) وتأكد من استخدام اسم المستخدم وكلمة المرور نفسهما طوال العملية.

```
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

إذا حصلت على ما يلي ، فإن بيانات الدخول صحيحة ولكن ليس لدى المستخدم حق الوصول إلى قاعدة البيانات. مرة أخرى ، كرر خطوات الإعداد وتحقق من اسم قاعدة البيانات التي تستخدمها.
```
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
```

الخطأ النهائي  الذي يمكن أن تحصل عليه هو :

```
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```

هذه ليست مشكلة مصادقة ولكنها تخبرك أن خادم قاعدة البيانات لا يعمل. يمكنك تشغيله بتنفيذ الأمر التالي

```sh
sudo service mysql start
```

### مشكلة Unknown authentication method

مع أحدث إصدارات MySQL ، لم يعد بإمكان PHP الاتصال بقاعدة البيانات في تكوينها الافتراضي. إذا حاولت تشغيل البرنامج النصي للإعداد setup script وتلقيت الرسالة التالية ، فهذا يعني أنه عليك إجراء بعض التعديلات على التكوين.
```
Database Error #2054: The server requested authentication method unknown to the client.
```

لديك خياران ، أسهلهما هو إلغاء تثبيت MySQL وتثبيت MariaDB. تجد في الرابط التالي الدليل الرسمي لمشروع MariaDB:

<https://mariadb.com/resources/blog/how-to-migrate-from-mysql-to-mariadb-on-linux-in-five-steps/>

بدلاً من ذلك، اتبع الخطوات التالية:

1- باستخدام الحساب root، عدل الملف التالي: `/etc/mysql/mysql.conf.d/mysqld.cnf`.

2- أضف ما يلي تحت السطر `[mysqld]`:
  `default-authentication-plugin=mysql_native_password`
  
3- أعد تشغيل خدمة قواعد البيانات: `sudo service mysql restart`.

4- تحقق من طريقة المصادقة الخاصة بحساب قاعدة البيانات:


    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------------------+-----------------------+
    | Host      | User             | plugin                |
    +-----------+------------------+-----------------------+
    | localhost | dvwa             | caching_sha2_password |
    +-----------+------------------+-----------------------+
    1 rows in set (0.00 sec)
    ```


5- من المرجح أنها `caching_sha2_password`، إذا كان كذلك، نفذ ما يلي:

    ```sql
    mysql> ALTER USER dvwa@localhost IDENTIFIED WITH mysql_native_password BY 'p@ssw0rd';
    ```


6- تحقق مجدداً، يجب أن تصبح الآن `mysql_native_password` .

    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------+-----------------------+
    | Host      | User | plugin                |
    +-----------+------+-----------------------+
    | localhost | dvwa | mysql_native_password |
    +-----------+------+-----------------------+
    1 row in set (0.00 sec)
    ```

بعد كل ما سبق، يجب أن تعمل عملية الإعداد بحالتها الطبيعية.

إذا كنت تريد المزيد من المعلومات يرجى الاطلاع على:  <https://www.php.net/manual/en/mysqli.requirements.php>.

### مشكلة Database Error #2002: No such file or directory.

إذا كان خادم قاعدة البيانات لا يعمل، وكنت تستخدم توزيعة مبنية على Debian، يمكن تشغيله باستخدام:

```sh
sudo service mysql start
```

### معالجة الأخطاء  "MySQL server has gone away" و  "Packets out of order"

هناك عدة أسباب لحدوث هذه الأخطاء ، ولكن السبب المرجح هو عدم توافق إصدار خادم قاعدة البيانات مع إصدار PHP.

وهو الأكثر شيوعًا عند تشغيل أحدث إصدار من MySQL و PHP ، لا يعمل التطبيق بشكل جيد. ولذلك ننصح باستبدال MySQL  بـ MariaDB  لأن هذه المشكلة لا يوجد دعم لها في الوقت الحالي.

لمزيد من المعلومات، يرجى الاطلاع على:

<https://www.ryadel.com/en/fix-mysql-server-gone-away-packets-order-similar-mysql-related-errors/>

### لا يعمل حقن SQL باستخدام  PHP v5.2.6

توقف دعم PHP 5.x منذ يناير 2019 ، لذلك نوصي بتشغيل DVWA بإصدار 7.x الحالي ، إذا كنت مضطراً لاستخدام الإصدار 5.x ..

إذا كنت تستخدم إصدار PHP v5.2.6 أو أحدث ، فستحتاج إلى القيام بما يلي حتى يعمل حقن SQL والثغرات الأمنية الأخرى.

استبدل الآتي في ملف `.htaccess`:

```php
<IfModule mod_php5.c>
    php_flag magic_quotes_gpc off
    #php_flag allow_url_fopen on
    #php_flag allow_url_include on
</IfModule>
```

بهذا:

```php
<IfModule mod_php5.c>
    magic_quotes_gpc = Off
    allow_url_fopen = On
    allow_url_include = On
</IfModule>
```

### فشل حقن الأوامر Command Injection
قد لا يكون لدى Apache امتيازات عالية كافية لتنفيذ الأوامر على خادم الويب. إذا كنت تقوم بتشغيل DVWA على نظام Linux ، فتأكد من تسجيل الدخول كمستخدم root. أما في Windows  قم بتسجيل الدخول كـ administrator.

### لماذا لا يمكن الاتصال بقاعدة البيانات في CentOS؟

قد تواجه مشاكل مع SELinux، قم إما بتعطيل SELinux أو تشغيل هذا الأمر للسماح لخادم الويب بالتخاطب مع قاعدة البيانات:

```
setsebool -P httpd_can_network_connect_db 1
```

### لأي مشكلة أخرى

للحصول على أحدث معلومات استكشاف الأخطاء وإصلاحها ، يرجى قراءة كل من التذاكر المفتوحة والمغلقة في  الريبو  git repo:

<https://github.com/digininja/DVWA/issues>

قبل إرسال التذكرة ، يرجى التأكد من تشغيل أحدث إصدار من الكود من الريبو. هذا ليس أحدث إصدار ، هذا هو أحدث كود من الفرع الرئيسي master branch . 

في حالة إنشاء تذكرة ، يرجى تقديم المعلومات التالية على الأقل:

- نظام التشغيل
- آخر 5 أسطر من سجل أخطاء خادم الويب مباشرة بعد حدوث أي خطأ تقوم بالإبلاغ عنه
- إذا كانت المشكلة تتعلق بمصادقة قاعدة البيانات ، فانتقل إلى الخطوات السابقة أعلاه وقم بتصوير كل خطوة. وأرسلها مع لقطة شاشة لقسم ملف التكوين الذي يظهر مستخدم قاعدة البيانات وكلمة المرور.
- وصف كامل للخطأ الذي يحدث ، وما تتوقع حدوثه ، وما حاولت فعله لإصلاحه. "تعطل تسجيل الدخول" لا يكفي بالنسبة لنا لفهم مشكلتك والمساعدة في حلها.


- - -

## حقن SQL في SQLite3 

_ الدعم لهذا الأمر محدود ، قبل طرح مشكلتك، يرجى التأكد من استعدادك للعمل على تصحيح الأخطاء ، ولا تكتب ببساطة "أنه لا يعمل" ._

بشكل افتراضي ، يتم تنفيذ SQLi و Blind SQLi على خادم MariaDB / MySQL المستخدم في الموقع ولكن من الممكن التبديل لإجراء اختبار SQLi  على SQLite3 بدلاً من ذلك.

لن نتطرق إلى كيفية تشغيل SQLite3 مع PHP ، ولكنها من المفترض أن تكون حالة بسيطة وذلك بتثبيت حزمة `php-sqlite3` والتأكد من تفعيلها.

لإجراء هذا التبديل ، قم ببساطة بتعديل ملف التكوين وإضافة أو تعديل هذه الأسطر:

```
$_DVWA["SQLI_DB"] = "sqlite";
$_DVWA["SQLITE_DB"] = "sqli.db";
```

بشكل افتراضي ، يستخدم الملف `database/sqli.db` ، إذا أحدثت خللا فيه، فما عليك سوى نسخ محتويات ملف `database/sqli.db.dist` ولصقها في الملف الذي تعمل عليه.

التحديات هي نفسها تمامًا مثل MySQL ، ولكنك الآن تنفذها في SQLite3  بدلاً من MySQL.

- - -

## روابط

الصفحة الرئيسية للمشروع: <https://github.com/digininja/DVWA>

*تم إنشاؤها بواسطة فريقDVWA *


================================================
FILE: README.es.md
================================================
# DAMN VULNERABLE WEB APPLICATION

Damn Vulnerable Web Application (DVWA) es una aplicación web hecha en PHP/MySQL que es extremadamente vulnerable. Su principal objetivo es ayudar a profesionales de seguridad a poner a prueba sus habilidades y herramientas en un entorno legal, ayudar a desarrolladores web a comprender mejor los procesos de asegurar aplicaciones web y ayudar tanto a estudiantes como a profesores a aprender sobre seguridad de aplicaciones web en un entorno de clase controlado.

El objetivo de DVWA es **practicar algunas de las vulnerabilidades web más comunes**, con **varios niveles de dificultad**, con una interfaz sencilla y directa.
Tenga en cuenta que hay **tanto vulnerabilidades documentadas como no documentadas** en este software. Esto es intencional. Le animamos a que intente descubrir tantos problemas como sea posible.
- - -

## ¡AVISO!

¡Damn Vulnerable Web Application es extremadamente vulnerable! **No la suba a la carpeta html pública de su proveedor de alojamiento ni a ningún servidor expuesto a Internet**, ya que se verán comprometidos. Se recomienda utilizar una máquina virtual (como [VirtualBox](https://www.virtualbox.org/) o [VMware](https://www.vmware.com/)), que esté configurada en modo de red NAT. Dentro de una máquina huésped, puede descargar e instalar [XAMPP](https://www.apachefriends.org/) para montar el servidor web y la base de datos.

### Descargo de responsabilidad

No nos hacemos responsables de la forma en que cualquier persona utilice esta aplicación (DVWA). Hemos dejado claros los propósitos de la aplicación y no debe usarse de forma malintencionada. Hemos advertido y tomado medidas para evitar que los usuarios instalen DVWA en servidores web activos. Si su servidor web se ve comprometido por una instalación de DVWA, no es responsabilidad nuestra, sino de la persona o personas que lo subieron e instalaron.

- - -

## Licencia

Este archivo es parte de Damn Vulnerable Web Application (DVWA).

Damn Vulnerable Web Application (DVWA) es software libre: puede redistribuirlo y/o modificarlo bajo los términos de la Licencia Pública General GNU publicada por la Free Software Foundation, ya sea la versión 3 de la Licencia, o (a su elección) cualquier versión posterior.

Damn Vulnerable Web Application (DVWA) se distribuye con la esperanza de que sea útil, pero SIN NINGUNA GARANTÍA; ni siquiera la garantía implícita de
COMERCIABILIDAD o IDONEIDAD PARA UN PROPÓSITO PARTICULAR. Consulte la Licencia Pública General GNU para más detalles.

Debería haber recibido una copia de la Licencia Pública General GNU junto con Damn Vulnerable Web Application (DVWA). Si no es así, consulte <https://www.gnu.org/licenses/>.

- - -

## Internacionalización

Este archivo está disponible en varios idiomas:
- Árabe: [العربية](README.ar.md)
- Chino: [简体中文](README.zh.md)
- Español: [Español](README.es.md)
- Francés: [Français](README.fr.md)
- Persa: [فارسی](README.fa.md)
- Turco: [Türkçe](README.tr.md)

Si desea contribuir con una traducción, envíe una PR (Pull Request). Tenga en cuenta, sin embargo, que esto no significa pasar el texto por Google Translate y enviar el resultado de la herramienta, pues será rechazado. Envíe su versión traducida añadiendo un nuevo archivo 'README.xx.md' donde xx es el código de dos letras del idioma deseado (basado en [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes)).

- - -

## Descarga

Aunque existen varias versiones de DVWA, la única versión con soporte es la última del repositorio oficial de GitHub. Usted puede clonarlo desde el repositorio:

```
git clone https://github.com/digininja/DVWA.git
```

O [descargar un ZIP con todos los archivos](https://github.com/digininja/DVWA/archive/master.zip).

- - -

## Instalación

### Videos de Instalación

- [Instalando DVWA en Kali corriendo en VirtualBox](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- [Instalación de DVWA en Windows usando XAMPP](https://youtu.be/Yzksa_WjnY0)
- [Instalación de Damn Vulnerable Web Application (DVWA) en Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo)

### Windows + XAMPP

La forma más fácil de instalar DVWA es descargar e instalar [XAMPP](https://www.apachefriends.org/) si aún no tiene un servidor web configurado.

XAMPP es una distribución de Apache muy fácil de instalar para Linux, Solaris, Windows y Mac OS X. El paquete incluye el servidor web Apache, MySQL, PHP, Perl, un servidor FTP y phpMyAdmin.

Este [video](https://youtu.be/Yzksa_WjnY0) le guiará a través del proceso de instalación para Windows, pero debería ser similar para otros sistemas operativos.

### Archivo de configuración

DVWA se entrega con una plantilla del archivo de configuración que tendrá que copiar en su lugar y luego hacer los cambios apropiados. En Linux, suponiendo que se encuentra en el directorio DVWA, esto se puede hacer de la siguiente manera:

```bash
cp config/config.inc.php.dist config/config.inc.php
```

En Windows, esto puede ser un poco más difícil si está ocultando las extensiones de archivo, si no está seguro acerca de esto, esta publicación de blog explica más sobre eso:

[Cómo hacer que Windows muestre las extensiones de archivo](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)

### Paquetes Linux

Si utiliza una distribución de Linux basada en Debian, necesitará instalar los siguientes paquetes _(o sus equivalentes)_:

- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php php-mysqli
- php-gd

Se recomienda hacer una actualización antes de esto, sólo para asegurarse de que va a obtener la última versión de todos los paquetes.

```
apt update
apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
```

El sitio funcionará con MySQL en lugar de MariaDB, pero recomendamos MariaDB, ya que funciona con su instalación por defecto y sin cambio alguno, mientras que tendrá que hacer cambios para que MySQL funcione correctamente.

### Configuración de la base de datos

Para configurar la base de datos, simplemente haga clic en el botón `Setup DVWA` en el menú principal, a continuación, haga clic en el botón `Create / Reset Database`. Esto creará / reiniciará la base de datos e insertará algunos datos de ejemplo.

Si recibe un error al intentar crear su base de datos, asegúrese de que sus credenciales de la base de datos dentro de `./config/config.inc.php` están correctamente escritas.  *Esto difiere de config.inc.php.dist, que es un archivo de ejemplo.*

Las variables son las siguientes por defecto:

```php
$_DVWA[ 'db_server'] = '127.0.0.1';
$_DVWA[ 'db_port'] = '3306';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```

Nota, si está usando MariaDB en lugar de MySQL (MariaDB viene por defecto en Kali), entonces no podrá usar el usuario root de la base de datos, por tanto, debe crear un nuevo usuario de base de datos. Para hacer esto, debe conectarse a la base de datos como usuario root y usar los siguientes comandos:

```mysql
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)

mysql> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```

### Desactivar Autenticación

Algunas herramientas no funcionan bien con mecanismos de autenticación, por lo que no se pueden utilizar con DVWA si la autenticación está habilitada. Para resolver esto, existe una opción de configuración para desactivar la verificación de autenticación. Para ello, simplemente establezca lo siguiente en el archivo de configuración:

```php
$_DVWA[ 'disable_authentication' ] = true;
```

También tendrá que establecer el nivel de seguridad a uno que sea apropiado para las pruebas que desea hacer:

```php
$_DVWA[ 'default_security_level' ] = 'low';
```

En este estado, puede acceder a todas las funciones sin necesidad de iniciar sesión y tampoco tener que configurar cookies.

### Otras Configuraciones

Dependiendo de su sistema operativo, así como la versión de PHP, es posible que desee modificar la configuración por defecto. La ubicación de los archivos será diferente para cada máquina.

**Permisos de carpeta**:

* `./hackable/uploads/` - El servicio web necesita tener permisos de escritura en esta carpeta (para la subida de archivos).
* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - El servicio web necesita tener permisos de escritura en esta carpeta (si desea usar PHPIDS).

**Configuración de PHP**:
* Para permitir la inclusión remota de archivos (RFI):
    * `allow_url_include = on` [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
    * `allow_url_fopen = on` [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]
* Para reducir opcionalmente la verbosidad ocultando los mensajes de advertencia de PHP:
    * `display_errors = off` [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]

**Archivo: `config/config.inc.php`**:

* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - Estos valores deben ser generados desde: https://www.google.com/recaptcha/admin/create

### Credenciales por defecto

**Nombre de usuario por defecto = `admin`**

**Contraseña por defecto = `password`**

_...puede ser fácilmente crackeada con fuerza bruta ;)_

URL de Acceso: http://127.0.0.1/login.php

Nota: La URL de acceso será diferente si ha instalado DVWA en un directorio distinto.

- - -

## Contenedor Docker

Esta sección del readme ha sido añadida por @thegrims, para soporte en temas Docker, por favor contactar con él o con @opsxcq que es quien mantiene la imagen Docker y el repositorio. Cualquier ticket de incidencia será probablemente referenciado a esto y cerrado.

- [Página DockerHub](https://hub.docker.com/r/vulnerables/web-dvwa/)
`docker run --rm -it -p 80:80 vulnerables/web-dvwa`

Por favor, asegúrese de que está utilizando aufs debido a problemas anteriores con MySQL. Ejecute `docker info` para comprobar su controlador de almacenamiento. Si no es aufs, por favor cámbielo. Hay guías para cada sistema operativo sobre cómo hacerlo, pero son bastante diferentes por lo que no lo cubriremos aquí.

- - -

## Solución de problemas

Esta sección supone que está usando una distribución basada en Debian, como Debian, Ubuntu y Kali. Para otras distribuciones, siga el mismo procedimiento, pero actualice el comando donde corresponda.

### He navegado hasta el sitio web y he obtenido un Error 404

Si está teniendo este problema, necesita entender la ubicación correcta de los archivos. Por defecto, el directorio raíz de los documentos de Apache (el lugar donde empieza a buscar contenido web) es `/var/www/html`. Si coloca el archivo `hello.txt` en este directorio, para acceder a él deberá navegar a `http://localhost/hello.txt`.

Si crea un directorio y pone el archivo allí - `/var/www/html/mydir/hello.txt` - tendrá que navegar a `http://localhost/mydir/hello.txt`.

Linux distingue por defecto entre mayúsculas y minúsculas, por lo que en el ejemplo anterior, si intentara navegar a cualquiera de estos sitios, obtendría un mensaje `404 Not Found`:

- http://localhost/MyDir/hello.txt
- http://localhost/mydir/Hello.txt
- http://localhost/MYDIR/hello.txt

¿Cómo afecta esto al DVWA? La mayoría de la gente utiliza git para obtener el DVWA en `/var/www/html`, esto les da el directorio `/var/www/html/DVWA/` con todos los archivos DVWA dentro de él. Entonces navegan a `http://localhost/` y obtienen un `404` o la página de bienvenida por defecto de Apache. Como los archivos están en DVWA, debe navegar a `http://localhost/DVWA`.

Otro error común es navegar a `http://localhost/dvwa` que dará un `404` porque `dvwa` no es `DVWA` en lo que se refiere a la correspondencia de directorios de Linux.

Así que después de la instalación, si intenta visitar el sitio y obtiene un `404`, piense dónde instaló los archivos, dónde están en relación con el directorio raíz de documentos, y recuerde si utilizó mayúsculas o minúsculas en ese directorio.

### "Access denied" ejecutando setup

Si ve lo siguiente al ejecutar el script de instalación significa que el nombre de usuario o la contraseña en el archivo de configuración no coinciden con los configurados en la base de datos:

```
Database Error #1045: Access denied for user 'notdvwa'@'localhost' (using password: YES).
```

El error le está diciendo que está usando el nombre de usuario `notdvwa`.

El siguiente error indica que en el archivo de configuración ha escrito un nombre de base de datos equivocado.

```
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
```

Está diciendo que está usando el usuario `dvwa` y tratando de conectarse a la base de datos `notdvwa`.

Lo primero que hay que hacer es comprobar que lo que se cree que ha puesto en el fichero de configuración es realmente lo que está ahí.

Si coincide con lo que se espera, lo siguiente es comprobar que se puede iniciar sesión como el usuario en cuestión a través de la línea de comandos. Asumiendo que tiene un usuario de base de datos `dvwa` y una contraseña `p@ssw0rd`, ejecute el siguiente comando:

```
mysql -u dvwa -pp@ssw0rd -D dvwa
```

*Nota: No hay espacio después de -p*

Si ve lo siguiente, la contraseña es correcta:

```
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```

Como puede conectarse en la línea de comandos, es probable que haya algo mal en el archivo de configuración, compruebe dos veces y luego plantee un Issue si todavía no puede hacer que las cosas funcionen.

Si ve lo siguiente, el nombre de usuario o la contraseña que está utilizando son incorrectos. Repita los pasos de [Database Setup](#database-setup) y asegúrese de usar el mismo nombre de usuario y contraseña durante todo el proceso.

```
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

Si obtiene lo siguiente, las credenciales del usuario son correctas pero el usuario no tiene acceso a la base de datos. De nuevo, repita los pasos de configuración y compruebe el nombre de la base de datos que está utilizando.

```
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
```

El último error que puede obtener es el siguiente:

```
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```

Esto no es un problema de autenticación, sino que indica que el servidor de base de datos no se está ejecutando. Puede iniciar el servidor con lo siguiente:

```sh
sudo service mysql start
```

### Método de autenticación desconocido

Con las versiones más recientes de MySQL, PHP ya no puede comunicarse con la base de datos en su configuración por defecto. Si intenta ejecutar el script de instalación y obtiene el siguiente mensaje significa que tiene la configuración por defecto.

```
Database Error #2054: The server requested authentication method unknown to the client.
```

Tiene dos opciones, la más fácil es desinstalar MySQL e instalar MariaDB. La siguiente es la guía oficial del proyecto MariaDB:

<https://mariadb.com/resources/blog/how-to-migrate-from-mysql-to-mariadb-on-linux-in-five-steps/>

Alternativamente, siga estos pasos:

1. Como root, edite el siguiente archivo `/etc/mysql/mysql.conf.d/mysqld.cnf`.
2. Bajo la línea `[mysqld]`, añada lo siguiente:
  `default-authentication-plugin=mysql_native_password`.
3. Reinicie el servidor de base de datos: `sudo service mysql restart`
4. Compruebe el método de autenticación del usuario de la base de datos:

    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------------------+-----------------------+
    | Host      | User             | plugin                |
    +-----------+------------------+-----------------------+
    | localhost | dvwa             | caching_sha2_password |
    +-----------+------------------+-----------------------+
    1 rows in set (0.00 sec)
    ```

5. Es probable que vea `caching_sha2_password`. Si es así, ejecute el siguiente comando:

    ```sql
    mysql> ALTER USER dvwa@localhost IDENTIFIED WITH mysql_native_password BY 'p@ssw0rd';
    ```

6. Al volver a ejecutar la verificación, ahora debería ver `mysql_native_password`.

    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------+-----------------------+
    | Host      | User | plugin                |
    +-----------+------+-----------------------+
    | localhost | dvwa | mysql_native_password |
    +-----------+------+-----------------------+
    1 row in set (0.00 sec)
    ```

Después de todo esto, el proceso de configuración debería funcionar con normalidad.

Si desea más información consulte la siguiente página: <https://www.php.net/manual/en/mysqli.requirements.php>.

### Database Error #2002: No such file or directory.

El servidor de base de datos no se está ejecutando. En una distro basada en Debian esto se puede hacer con:

```sh
sudo service mysql start
```

### Errores "MySQL server has gone away" y "Packets out of order"

Hay algunas razones por las que podría estar obteniendo estos errores, pero la más probable es que la versión del servidor de base de datos que está ejecutando no sea compatible con la versión de PHP.

Esto se encuentra de forma más común cuando se está ejecutando la última versión de MySQL y PHP, y estas no se llevan bien. El mejor consejo: deshágase de MySQL e instale MariaDB, ya que esto no es algo con lo que podamos ayudarle.

Para más información, vea:

<https://www.ryadel.com/en/fix-mysql-server-gone-away-packets-order-similar-mysql-related-errors/>

### La Inyección de Comandos no funcionará

Es posible que Apache no tenga privilegios suficientes para ejecutar comandos en el servidor web. Si está ejecutando DVWA en Linux asegúrese de que ha iniciado sesión como root. Bajo Windows inicie sesión como Administrador.

### ¿Por qué no se puede conectar la base de datos en CentOS?

Puede estar teniendo problemas con SELinux.  Desactive SELinux o ejecute este comando para permitir que el servidor web se comunique con la base de datos:

```
setsebool -P httpd_can_network_connect_db 1
```

### Cualquier otra cosa

Para obtener la información más reciente sobre solución de problemas, lea los tickets abiertos y cerrados en el repositorio git:

<https://github.com/digininja/DVWA/issues>

Antes de enviar un ticket, por favor asegúrese de que está ejecutando la última versión del código del repositorio. No se trata de la última versión liberada (released), sino del último código disponible en la rama master.

Si desea enviar un ticket, por favor envíe al menos la siguiente información:

- Sistema operativo
- Las últimas 5 líneas del log de errores del servidor web justo después de que se produzca el error del que está informando.
- Si se trata de un problema de autenticación de base de datos, siga los pasos anteriores y haga una captura de pantalla de cada paso. Envíelas junto con una captura de pantalla de la sección del archivo de configuración que muestra el usuario y la contraseña de la base de datos.
- Una descripción completa de lo que está fallando, lo que espera que ocurra y lo que ha intentado hacer para solucionarlo. "inicio de sesión roto" no es suficiente para que entendamos su problema y le ayudemos a solucionarlo.

- - -

## Inyección SQL en SQLite3

_El soporte para esto es limitado, antes de abrir tickets en Issues, por favor asegúrese de que está preparado para trabajar en la depuración del problema, no se limite a decir "no funciona"._

Por defecto, SQLi y Blind SQLi se hacen contra el servidor MariaDB/MySQL utilizado por el sitio, pero es posible cambiar la configuración para hacer las pruebas SQLi contra SQLite3 en su lugar.

No se va a cubrir cómo hacer que SQLite3 funcione con PHP, pero debería ser un simple caso de instalar el paquete `php-sqlite3` y asegurarse de que está habilitado.

Para hacer el cambio, simplemente edite el archivo de configuración y añada o edite estas líneas:

```
$_DVWA["SQLI_DB"] = "sqlite";
$_DVWA["SQLITE_DB"] = "sqli.db";
```

Por defecto se utiliza el fichero `database/sqli.db`; si estropea el archivo por error, simplemente copie el archivo `database/sqli.db.dist` y sobrescriba el existente estropeado.

Los retos son exactamente los mismos que para MySQL, sólo que se ejecutan contra SQLite3 en su lugar.

- - -

👨‍💻 Contribuyentes
-----

Gracias por todas sus contribuciones y por mantener este proyecto actualizado. :heart:

Si tienes una idea, algún tipo de mejora o simplemente quieres colaborar, eres bienvenido a contribuir y participar en el proyecto; siéntete libre de enviar tu PR.

<p align="center">
<a href="https://github.com/digininja/DVWA/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=digininja/DVWA&max=500">
</a>
</p>

- - -

## Enlaces

Inicio del proyecto: <https://github.com/digininja/DVWA>

*Creado por el Equipo de DVWA*


================================================
FILE: README.fa.md
================================================
# وب اپلیکیشن آسیب پذیر لعنتی

وب اپلیکیشن آسیب پذیر لعنتی (DVWA)، یک وب اپلیکیشن مبتنی بر پی‌اچ‌پی/مای‌اسکیوال است که به شدت آسیب‌پذیر طراحی شده است. هدف اصلی این وب اپلیکیشن برای متخصصان امنیت می باشد که در یک محیط امن ابزار ها و توانایی خودشان را محک بزنند، به توسعه‌دهندگان کمک می کند تا نحوه ایمن سازی یک وب اپلیکیشن را متوجه شوند همچنین به دانش آموزان و معلمان کمک می کند تا در یک محیط تحت نظارت در مورد امنیت وب اپلیکیشن مطالعه کنند.  

هدف DVWA، **تمرین بخشی از متداول‌ترین آسیب‌پذیری‌های وب**، در **سطوح متفاوتی از دشواری**، با بهره‌گیری از یک رابط کاربری آسان است.
لطفاً در نظر داشته باشید که در این نرم‌افزار آسیب‌پذیری‌های **مستند شده و مستند نشده** وجود دارد.
این عمدی است. شما را تشویق می‌کنیم که تا حد امکان سعی کنید مشکلات بیشتری را کشف کنید.

- - -

## هشدار!

وب اپلیکیشن آسیب پذیر لعنتی، به‌ شکل خطرناکی آسیب‌پذیر است! **آن را در پوشه‌های اچ‌تی‌ام‌ال عمومی سرویس دهندهٔ میزبانی خود یا هر سروری که در اینترنت قرار دارد بارگذاری نکنید**، چراکه مورد نفوذ قرار خواهند گرفت. برای این کار استفاده از یک ماشین مجازی پیشنهاد می‌شود (مثل [ورچوال باکس](https://www.virtualbox.org/) یا [وی‌ام‌ویر](https://www.vmware.com/)) که در حالت شبکه‌ای NAT پیکربندی شده باشد. در داخل ماشین مجازی می‌توانید [زمپ](https://www.apachefriends.org/) را برای سرور وب و پایگاه دادهٔ خود دانلود کنید.
 
### تکذیب‌نامه

ما در مورد اینکه از این اپلیکیشن (DVWA) چگونه استفاده می‌شود هیچ مسؤولیتی نمی‌پذیریم. ما هدف این برنامه را به صراحت بیان کرده‌ایم و از آن نباید برای مقاصد بدخواهانه استفاده شود. ما هشدارها و اقدامات خود را در جهت جلوگیری از نصب DVWA بر روی سرویس‌دهندگان وب برخط انجام داده‌ایم. اگر به سرور وب شما از طریق یک نسخه از DVWA نفوذ شد، تقصیری متوجه ما نیست. مسؤولیت آن بر عهدهٔ کسی است که آن را بارگذاری و نصب کرده است.

- - -

## مجوز

این فایل بخشی از وب اپلیکیشن آسیب پذیر لعنتی (DVWA) است.

وب اپلیکیشن آسیب پذیر لعنتی (DVWA) یک نرم‌افزار آزاد است. شما می‌توانید آن را تحت مجوز نسخه سوم‌ یا به‌اختیار خودتان نسخه‌های جدید‌تری از مجوز عمومی گنو (GNU) که توسط بنیاد نرم‌افزار آزاد منتشر شده است، توزیع کنید و/یا تغییر دهید.

وب اپلیکیشن آسیب پذیر لعنتی (DVWA) به امید اینکه سودمند واقع شود توزیع شده است، لیکن بدون هیچگونه تضمینی، حتی به صورت ضمنی که برای مقاصد خاصی مناسب باشد ارائه می‌شود. مجوز عمومی گنو را برای اطلاعات بیشتر ببینید.  

شما می‌بایست یک رونوشت از مجوز عمومی گنو را همراه با وب اپلیکیشن آسیب پذیر لعنتی (DVWA) دریافت کرده‌باشید. اگر این اتفاق نیفتاده است، <https://www.gnu.org/licenses/> را ببینید.

- - -

## بین‌المللی سازی

این فایل به زبان‌های مختلف دیگری موجود است:

- انگلیسی: [English](README.md) (نسخهٔ مرجع)
- عربی: [العربية](README.ar.md)
- چینی: [简体中文](README.zh.md)
- فرانسوی: [Français](README.fr.md)
- کره ای: [한국어](README.ko.md)
- لهستانی: [Polski](README.pl.md)
- پرتغالی: [Português](README.pt.md)
- اسپانیایی: [Español](README.es.md)
- ترکی: [Türkçe](README.tr.md)
- اندونزی: [Indonesia](README.id.md)
- ویتنامی: [Vietnamese](README.vi.md)
- ایتالیایی: [Italiano](README.it.md)
  
اگر مایل به ارائه ترجمه هستید، لطفاً یک PR ارسال کنید. البته توجه داشته باشید که این به این معنی نیست که فقط آن را از طریق Google Translate اجرا کنید و ارسال کنید، در غیر این صورت رد خواهد شد. نسخه ترجمه شده خود را با اضافه کردن یک فایل جدید 'README.xx.md' ارسال کنید که در آن xx کد دو حرفی زبان مورد نظر شما است (بر اساس [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes)).
  
- - -

## دانلود

در حالیکه ممکن است نسخه‌های متفاوتی از DVWA در اطراف پراکنده شده باشند، تنها نسخه پشتیبانی شده،آخرین نسخه از مخزن رسمی گیت‌هاب است. شما یا می‌توانید آن را از طریق کلون کردن مخزن:

```

git clone https://github.com/digininja/DVWA.git

```

یا [دانلود نسخهٔ زیپ‌شدهٔ فایلها](https://github.com/digininja/DVWA/archive/master.zip).
- - -
## نصب

### نصب خودکار 🛠️

**توجه داشته باشید، این یک اسکریپت رسمی DVWA نیست، بلکه توسط [IamCarron](https://github.com/iamCarron/) نوشته شده است. کار زیادی برای ایجاد این اسکریپت انجام شده است و وقتی ایجاد شد، هیچ کار مخربی انجام نداد، با این حال توصیه می‌شود محض احتیاط قبل از اجرای کورکورانه اسکریپت روی سیستم خود، آن را بررسی کنید. لطفاً هرگونه اشکالی را به [IamCarron](https://github.com/iamCarron/) گزارش دهید، نه اینجا.**

یک اسکریپت پیکربندی خودکار برای DVWA در دستگاه‌های مبتنی بر دبیان، از جمله کالی، اوبونتو، کوبونتو، لینوکس مینت، زورین او اس...

**توجه: این اسکریپت به دسترسی روت نیاز دارد و برای سیستم‌های مبتنی بر دبیان طراحی شده است. مطمئن شوید که آن را با کاربر روت اجرا می‌کنید.**

#### الزامات نصب

#### یک خطی
این دستور، اسکریپت نصب نوشته شده توسط [@IamCarron](https://github.com/IamCarron) را دانلود و به طور خودکار اجرا می‌کند. اگر ما به نویسنده و اسکریپت، همانطور که در زمان بررسی آن بود، اعتماد نداشتیم، این مورد در اینجا لحاظ نمی‌شد، اما همیشه احتمال سوءاستفاده‌ی کسی وجود دارد، بنابراین اگر از اجرای کد شخص دیگری بدون بررسی آن توسط خودتان احساس امنیت نمی‌کنید، مراحل دستی را دنبال کنید و می‌توانید پس از دانلود، آن را بررسی کنید.

```sh
sudo bash -c "$(curl --fail --show-error --silent --location https://raw.githubusercontent.com/IamCarron/DVWA-Script/main/Install-DVWA.sh)"
```

##### اجرای دستی اسکریپت

۱. **اسکریپت را دانلود کنید:**

```sh
wget https://raw.githubusercontent.com/IamCarron/DVWA-Script/main/Install-DVWA.sh
```

۲. **اسکریپت را قابل اجرا کنید**

```sh
chmod +x Install-DVWA.sh
```

۳. **اسکریپت را با دسترسی root اجرا کنید:**

```sh
sudo ./Install-DVWA.sh
```

  ### ویدئو‌های نصب
- [نصب بر کالی‌لینوکس در ورچوال‌باکس](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- [نصب در ویندوز با استفاده از زمپ](https://youtu.be/Yzksa_WjnY0)
- [نصب بر روی ویندوز ۱۰](https://www.youtube.com/watch?v=cak2lQvBRAo)

### ویندوز+زمپ

اگر تا به حال تنظیمات وب سرور را انجام نداده‌اید، ساده‌ترین راه برای نصب DVWA دانلود و نصب [XAMPP](https://www.apachefriends.org/) است.

برنامه XAMPP یک توزیع آپاچی با نصب بسیار آسان برای لینوکس، سولاریس، ویندوز و مک او اس ایکس است. این برنامه شامل وب سرور آپاچی، MySQL، PHP، Perl، یک سرور FTP و phpMyAdmin است.
  
این [ویدیو](https://youtu.be/Yzksa_WjnY0) مراحل نصب ویندوز را به شما نشان می‌دهد، در سایر سیستم عامل‌ها نصب آن زیاد تفاوت ندارد. 

### داکر

به لطف [hoang-himself](https://github.com/hoang-himself) و [JGillam](https://github.com/JGillam)، هر کامیت به شاخه `master` باعث می‌شود یک Image داکر ساخته شود و آماده دریافت از ساخت کانتینر گیت‌هاب باشد.

برای اطلاعات بیشتر در مورد آنچه دریافت می‌کنید، می‌توانید [Image از پیش ساخته شده داکر](https://github.com/digininja/DVWA/pkgs/container/dvwa) را مرور کنید.

#### شروع کار

پیش‌نیازها: داکر و داکر کامپوز.

- اگر از Docker Desktop استفاده می‌کنید، هر دوی این موارد باید از قبل نصب شده باشند.
- اگر Docker Engine را روی لینوکس ترجیح می‌دهید، حتماً [راهنمای نصب](https://docs.docker.com/engine/install/#server) آنها را دنبال کنید.

**همانطور که در بالا مشاهده می کنید، ما از آخرین نسخه Docker پشتیبانی می‌کنیم.**
اگر روی لینوکس از نسخه‌ی Docker که از طریق package manager نصب شده استفاده کنید، احتمالاً کار می‌کند؛ اما اگر مشکلی پیش بیاید، پشتیبانی رسمی و تضمینی ندارد و فقط در حد «تلاش می‌کنیم کمک کنیم» خواهد بود.

ارتقاء داکر از نسخه مدیریت بسته به نسخه آپ‌استریم مستلزم آن است که نسخه‌های قدیمی را همانطور که در دفترچه‌های راهنمای آنها برای [اوبونتو](https://docs.docker.com/engine/install/ubuntu/#uninstall-old-versions)، [فدورا](https://docs.docker.com/engine/install/fedora/#uninstall-old-versions) و سایر موارد مشاهده شده است، حذف نصب کنید. داده‌های داکر شما (کانتینرها، تصاویر، ولوم‌ها و غیره) نباید تحت تأثیر قرار گیرند، اما در صورت بروز مشکل، حتماً [به داکر](https://www.docker.com/support) اطلاع دهید و در عین حال از موتورهای جستجو استفاده کنید.

سپس، برای شروع:

۱. برای بررسی نصب صحیح داکر و داکر کامپوز، دستورهای `docker version` و `docker compose version` را اجرا کنید. باید بتوانید نسخه‌های آنها را در خروجی مشاهده کنید.

  برای مثال:
```text
>>> docker version
Client:
[...]
    Version: 23.0.5
[...]
Server: Docker Desktop 4.19.0 (106363)
    Engine:
[...]
        Version:          23.0.5
>>> docker compose version
Docker Compose version v2.17.3
```

اگر نتیجه ای نمی‌بینید یا خطای command not found دریافت می‌کنید، پیش‌نیازهای راه‌اندازی Docker و Docker Compose را دنبال کنید.

۲. این مخزن را کلون یا دانلود کرده و از حالت فشرده خارج کنید (به [دانلود](#دانلود) مراجعه کنید).
۳. یک ترمینال باز کنید و دایرکتوری آن را به این پوشه (`DVWA`) تغییر دهید.
۴. دستور `docker compose up -d` را اجرا کنید.

حالا DVWA در آدرس `http://localhost:4280` در دسترس است.

توجه داشته باشید که DVWA موجود در کانتینر،  به جای پورت پیش‌فرض ۸۰، بر روی پورت ۴۲۸۰ حالت Listening می‌باشد.

برای اطلاعات بیشتر در مورد این تصمیم، به [من می‌خواهم DVWA را روی یک پورت متفاوت اجرا کنم](#i-want-to-run-dvwa-on-a-different-port) مراجعه کنید.

#### ساخت در Local

اگر تغییرات Local ایجاد کرده‌اید و می‌خواهید پروژه را از Local بسازید، به `compose.yml` بروید و `pull_policy: always` را به `pull_policy: build` تغییر دهید.

اجرای دستور `docker compose up -d` باید باعث شود که داکر صرف نظر از آنچه در رجیستری موجود است، یک تصویر از سیستم محلی بسازد.

همچنین این را هم مطالعه کنید: [`pull_policy`](https://github.com/compose-spec/compose-spec/blob/master/05-services.md#pull_policy).

#### پردازش فایل های Local

اگر تغییرات محلی ایجاد می‌کنید و نمی‌خواهید پروژه را برای هر تغییر Build کنید:

۱. به فایل `compose.yml` بروید و این خط را از حالت کامنت خارج کنید:
```yaml
# volumes:
#   - ./:/var/www/html
```
۲. برای کپی کردن فایل پیکربندی پیش‌فرض، دستور `cp config/config.inc.php.dist config/config.inc.php` را اجرا کنید.
۳. دستور `docker compose up -d` را اجرا کنید تا تغییرات در فایل‌های محلی روی کانتینر اعمال شود.

### نسخه PHP

در حالت ایده‌آل، شما باید از آخرین نسخه پایدار PHP استفاده کنید، زیرا این نسخه‌ای است که این برنامه روی آن توسعه داده و آزمایش خواهد شد.

به کسانی که سعی در استفاده از PHP 5.x دارند، پشتیبانی ارائه نخواهد شد.


نسخه‌های پایین‌تر از ۷.۳ مشکلات شناخته‌شده‌ای دارند که باعث ایجاد عدم عملکرد صحیح می‌شود، بیشتر برنامه کار خواهد کرد، اما ممکن است مواردی به صورت تصادفی درست عمل نکنند. مگر اینکه دلیل بسیار خوبی برای استفاده از چنین نسخه قدیمی داشته باشید، پشتیبانی ارائه نخواهد شد.

### دسترسی های لینوکس

اگر از توزیع لینوکس مبتنی بر دبیان استفاده می‌کنید، باید بسته‌های زیر _(یا معادل آنها)_ را نصب کنید:

- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php php-mysqli
- php-gd

توصیه می‌کنم قبل از این کار، یک به‌روزرسانی انجام دهید، فقط برای اینکه مطمئن شوید آخرین نسخه همه چیز را دریافت می‌کنید.

```sh
apt update
apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
```

این سایت به جای MariaDB با MySQL کار خواهد کرد، اما ما اکیداً MariaDB را توصیه می‌کنیم زیرا به صورت پیش‌فرض کار می‌کند، در حالی که برای عملکرد صحیح MySQL باید تغییراتی ایجاد کنید.

### ماژول‌های آپاچی

اگر می‌خواهید از API lab استفاده کنید، باید ماژول آپاچی `mod_rewrite` را فعال کنید. برای انجام این کار در لینوکس، دستور زیر را اجرا کنید:

```sh
a2enmod rewrite
```

سپس Apache را راه اندازی مجدد کنید:

```sh
apachectl restart
```

### فایل های Vendor

اگر می‌خواهید از ماژول API استفاده کنید، باید مجموعه‌ای از فایل‌های Vendor را با استفاده از [Composer](https://getcomposer.org/) نصب کنید.

اول، مطمئن شوید که Composer را نصب کرده‌اید. به نظر می‌رسد نسخ قدیمی دارای مشکلاتی باشد، بنابراین من همیشه آخرین نسخه را از اینجا دریافت می‌کنم:

https://getcomposer.org/doc/00-intro.md

برای نصب، دستورالعمل‌هایی که سایت ارائه می‌دهد را دنبال کنید.

حالا به پوشه `vulnerabilities/api` بروید و دستور زیر را اجرا کنید:

```sh
composer.phar install
```

اگر Composer را در مسیر سیستم نصب نکرده‌اید، مطمئن شوید که امکان ارجاع به آن وجود دارد.


## پیکربندی‌ها
### فایل کانفیگ

برنامهٔ DVWA همراه با یک فایل کانفیگ دم‌دستی توزیع می‌شود که لازم است شما آن را در جای مناسب کپی کنید و تغییرات لازم را بر روی آن اعمال کنید. در لینوکس با فرض بر اینکه در پوشهٔ DVWA قرار دارید، به این طریق می‌توانید فایل را کپی کنید:

`cp config/config.inc.php.dist config/config.inc.php`  

در ویندوز، اگر پسوند فایل‌ها مخفی باشد، کار اندکی دشوارتر می‌شود. اگر در این مورد مطمئن نیستید، برای توضیحات بیشتر این پست وبلاگ را ببینید:

[چگونه در ویندوز پسوند ها را نمایش دهیم](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)

### پیکربندی با متغیرهای محیطی

به جای تغییر فایل پیکربندی، می‌توانید اکثر تنظیمات را با استفاده از متغیرهای محیطی نیز تنظیم کنید. در یک پیاده‌سازی Docker یا Kubernetes، این به شما امکان می‌دهد پیکربندی را بدون ایجاد یک تصویر Docker جدید تغییر دهید. متغیرها را در فایل [config/config.inc.php.dist](config/config.inc.php.dist) خواهید یافت.

اگر می‌خواهید سطح امنیتی پیش‌فرض را روی «پایین» تنظیم کنید، کافیست خط زیر را به فایل [compose.yml](./compose.yml) اضافه کنید:

```yml
environment:
  - DB_SERVER=db
  - DEFAULT_SECURITY_LEVEL=low
```

### نصب دیتابیس

برای راه‌اندازی پایگاه داده، کافیست روی دکمه‌ی «Setup DVWA» در منوی اصلی کلیک کنید، سپس روی دکمه‌ی «Create / Reset Database» کلیک کنید. این کار پایگاه داده را برای شما با مقداری داده ایجاد/بازنشانی می‌کند.

اگر هنگام ایجاد پایگاه داده خود با خطایی مواجه شدید، مطمئن شوید که اعتبارنامه‌های ( نام کاربری و رمز عبور ) پایگاه داده شما در
`./config/config.inc.php` 
صحیح هستند.
**نکته:** _فایل  `config.inc.php.dist`  یک فایل نمونه است، و با `config.inc.php` متفاوت است._

متغیرها به طور پیش‌فرض به صورت زیر تنظیم شده‌اند:

```php
$_DVWA[ 'db_server'] = '127.0.0.1';
$_DVWA[ 'db_port'] = '3306';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```

نکته: اگر شما از MariaDB به جای MySQL استفاده می‌کنید (به صورت پیش‌فرض MariaDB در Kali وجود دارد)، نمی‌توانید از کاربر root استفاده کنید و باید یک کاربر در دیتابیس بسازید. برای انجام این کار به دیتابیس خود متصل شوید و دستورات زیر را اجرا کنید:

```mariadb
MariaDB [(none)]> create database dvwa;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```

### غیرفعال سازی احراز هویت

بعضی از ابزارها با بخش ورود به خوبی کار نمی‌کنند و با DVWA نمی‌توانند استفاده شوند. برای رفع این مشکل، گزینه‌ای در کانفیگ وجود دارد که بتوانید کنترل ورود را غیر فعال کنید. برای این کار کافیست تنظیم زیر را در فایل کانفیگ انجام دهید:

```php
$_DVWA[ 'disable_authentication' ] = true;
```

همچنین لازم است سطح امنیت را به مقداری که برای آزمونتان مد نظر دارید تغییر دهید:

```php
$_DVWA[ 'default_security_level' ] = 'low';
```

در این حالت شما می‌توانید از تمامی امکانات بدون نیاز به ورود و تنظیم کوکی‌ها بهره ببرید.
 
### سطح دسترسی به پوشه‌ها

* `./hackable/uploads/`
باید توسط وب سرویس قابل نوشتن باشد (برای آپلود فایل).

* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt`
باید توسط وب سرویس قابل نوشتن باشد (اگر قصد استفاده از PHPIDS را دارید ).

### تنظیمات PHP

تنظیمات PHP در سیستم‌های لینوکس، احتمالاً در
`/etc/php/x.x/fpm/php.ini`
یا 
`/etc/php/x.x/apache2/php.ini`
یافت می‌شود.

* جهت بهره‌برداری به آسیب‌پذیری Remote File Inclusions (RFI)    
     * تنظیم `allow_url_include = on` مستندات: [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
     * تنظیم `allow_url_fopen = on` مستندات: [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]

* برای  خاموش‌کردن هشدار‌های پی‌اچ‌پی که کمتر شلوغ باشد (در صورت نیاز)
     * تنظیم `display_errors = off` مستندات:  [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]

  حتما پس از ایجاد تغییرات سرویس PHP یا Apache را راه اندازی مجدد کنید.

### تنظیمات reCAPTCHA

این فقط برای آزمایشگاه "CAPTCHA ناامن" مورد نیاز است، اگر نمیخواهید این آزمایشگاه را ارزیابی کنید، می توانید این بخش را نادیده بگیرید.

یک جفت کلید API از <https://www.google.com/recaptcha/admin/create> دریافت کنید.

سپس به فایل
`./config/config.inc.php`
بروید و این مقادیر را به آن اضافه کنید:

- `$_DVWA[ 'recaptcha_public_key' ]`
- `$_DVWA[ 'recaptcha_private_key' ]`
### اطلاعات ورود پیش‌فرض
 
**نام کاربری پیش‌فرض = `admin`**

**کلمه عبور پیش‌فرض = `password`**

_...که به راحتی می‌تواند مورد حملات بروت‌فورس قرار گیرد ;)_

نشانی ورود: http://127.0.0.1/login.php


_نکته: اگر DVWA را در مسیرمتفاوتی نصب کرده باشد، این نیز برای شما تفاوت خواهد داشت._

- - -

## عیب یابی

تمامی مراحل با فرض این که شما در یک توزیع مبتنی بر دبیان، مانند دبیان، اوبونتو و کالی هستید نوشته شده است. برای سایر توزیع‌ها همین روند را دنبال کنید، اما دستورها را در صورت لزوم به‌روزرسانی کنید.

اگر ترجیح می‌دهید به جای خواندن، ویدیو تماشا کنید، رایج‌ترین مشکلات در ویدیو [رفع مشکلات راه‌اندازی DVWA](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F) پوشش داده شده است.

## کانتینر داکر

### می‌خواهم به لاگ دسترسی داشته باشم

اگر از Docker Desktop استفاده می‌کنید، می‌توانید از برنامه گرافیکی به گزارش‌ها دسترسی پیدا کنید.
برخی از جزئیات جزئی ممکن است با نسخه های جدیدتر تغییر کنند، اما روش دسترسی باید یکسان باشد.

![Overview of DVWA compose](./docs/graphics/docker/overview.png)

![Viewing DVWA logs](docs/graphics/docker/detail.png)

همچنین می توانید از طریق Terminal به لاگ ها دسترسی داشته باشید.

1. یک ترمینال را باز کنید و دایرکتوری کاری آن را به DVWA تغییر دهید
2. گزارش های ادغام شده را نشان دهید
```sh
docker compose logs
```

در صورتی که می‌خواهید لاگ ها در یک فایل ذخیره شوند این دستور را اجرا کنید:

```sh
docker compose logs > dvwa.log
```


#### می‌خواهم DVWA را روی پورت متفاوتی اجرا کنم

به صورت پیش فرض ما از پورت 80 به چند دلیل استفاده نمی‌کنیم:
- برخی کاربران ممکن است روی پورت 80 چیزی در حال اجرا داشته باشند
- برخی کاربران ممکن است از کانتینر هایی که rootless هستند (مثل Podman) استفاده کنند، دسترسی به پورت 80 نداشته باشند.

با تغییر اتصال پورت در فایل «compose.yml» می‌توانید DVWA را در پورت دیگری در معرض دید قرار دهید.
به عنوان مثال، شما می توانید مقدار زیر را

```yml
ports:
  - 127.0.0.1:4280:80
```

به

```yml
ports:
  - 127.0.0.1:8806:80
```
تغییر دهید.

حالا DVWA روی آدرس `http://localhost:8806` در دسترس است.


در مواردی که می خواهید DVWA برای همه کاربران موجود در یک شبکه قابل دسترس باشد، مقدار `127.0.0.1:` را از فایل compose.yml حذف کنید (یا آن را با IP LAN خود جایگزین کنید). در این حالت امکان مشاهده DVWA در کل شبکه فراهم می باشد.
به همین دلیل، به‌طور پیش‌فرض فقط به دستگاه لوپ‌بک محلی متصل می‌شویم؛ پس از همه، این یک برنامهٔ وب آسیب‌پذیر لعنتی است که روی دستگاه شما اجرا می‌شود.

#### شروع خودکار DVWA در هنگام اجرای Docker

فایل موجود [`compose.yml`](./compose.yml) به طور خودکار DVWA و پایگاه داده آن را با شروع Docker اجرا می کند.

برای غیرفعال کردن این قابلیت، می‌توانید خط 

```yml
restart: unless-stopped
```

را در فایل [`compose.yml`](./compose.yml) حذف یا کامنت کنید.

اگر می‌خواهید این رفتار را به‌طور موقت غیرفعال کنید، می‌توانید `docker compose stop` را اجرا کنید، یا از Docker Desktop استفاده کنید، `DVWA` را پیدا کنید و روی Stop کلیک کنید.

اگر می‌‌خواهید کانتینر را متوقف کنید دستور `docker compose down` را اجرا کنید.  

### فایل LOG

در سیستم‌های لینوکس، آپاچی به‌طور پیش‌فرض دو فایل گزارش ایجاد می‌کند، «access.log» و «error.log» و در سیستم مبتنی بر دبیان معمولاً در `/var/log/apache2/` یافت می‌شوند.

هنگام ارسال گزارش خطا، مشکلات و مواردی از این قبیل، لطفاً حداقل پنج خط آخر هر یک از این فایل ها را وارد کنید. در سیستم های مبتنی بر دبیان می توانید موارد زیر را دریافت کنید:

```sh
tail -n 5 /var/log/apache2/access.log /var/log/apache2/error.log
```

### سایت را مرور می‌کنم، ولی خطای ۴۰۴ می‌گیرم

[ویدیو رفع مشکل](https://youtu.be/C-kig5qrPSA?si=wTS3Aj8fycW3Idfr&t=141)

اگر شما این خطا را دریافت می‌کنید، نیاز است نسبت به محل فایل‌ها آگاهی بیشتری کسب کنید. به‌شکل پیش‌فرض، پوشهٔ ریشهٔ فایلهای آپاچی (جایی که آن را به‌دنبال محتوای وبی جستجو می‌کند)، در `/var/www/html` واقع شده است. اگر شما فایل `hello.txt` را در آن قرار دهید، برای مرور آن می‌بایست از آدرس `http://localhost/hello.txt` استفاده کنید.

اما اگر یک پوشه در آنجا ساخته‌اید و فایل را درون آن قرار داده‌اید - `/var/www/html/mydir/hello.txt` - می‌بایست برای مرور آن از آدرس `http://localhost/mydir/hello.txt` استفاده کنید.
 
لینوکس، نسبت به بزرگی و کوچکی حروف حساس است. لذا در مثال بالا تلاش برای مرور هرکدام از آدرس‌های زیر نیز به شما خطای ۴۰۴ را گزارش خواهد داد: 

- `http://localhost/MyDir/hello.txt`
- `http://localhost/mydir/Hello.txt`
- `http://localhost/MYDIR/hello.txt`

این چه تأثیری بر روی DVWA خواهد داشت؟ بسیاری از افراد با استفاده از گیت، DVWA را در پوشهٔ `/var/www/html` دانلود می‌کنند. این منجر به ایجاد پوشهٔ `/var/www/html/DVWA/` خواهد شد که تمام فایل‌های DVWA درون آن قرار می‌گیرند. پس از آن سراغ آپاچی رفته و `http://localhost/` را مرور کرده و با خطای ۴۰۴ یا صفحهٔ خوش‌آمدگویی آپاچی مواجه می‌شوند. از آنجایی که فایل‌ها درون پوشهٔ DVWA قرار دارند، باید بجای آن، آدرس `http://localhost/DVWA` را مرور کرد.

اشتباه رایج دیگر استفاده از آدرس `http://localhost/dvwa` است که باز هم خطای ۴۰۴ را خواهد داد. چراکه  `dvwa` با `DVWA` در لینوکس یکی نیستند و لینوکس به حروف بزرگ و کوچک حساس می باشد.

بنابراین وقتی پس از نصب با خطای `404` مواجه شدید، یک مرتبه مرور کنید که فایل‌ها را در کجا نصب کرده‌اید، نسبت به پوشهٔ ریشهٔ فایلها در چه موقعیتی قرار گرفته‌اند و بزرگی و کوچکی حروف در نام پوشه‌های استفاده‌شده چه شکلی است.


### در هنگام باز شدن صفحه سایت صفحه سفید می باشد

[ویدیو رفع مشکل](https://youtu.be/C-kig5qrPSA?si=wTS3Aj8fycW3Idfr&t=243)

این معمولاً یک مشکل پیکربندی است که مشکل دیگری را پنهان می کند. به‌طور پیش‌فرض، PHP خطاها را نمایش نمی‌دهد، و بنابراین اگر فراموش کرده‌اید که نمایش خطا را در طول فرآیند راه‌اندازی روشن کنید، هر گونه مشکل دیگری مانند عدم اتصال به پایگاه داده، بارگذاری برنامه را متوقف می‌کند اما پیامی که به شما می‌گوید چه چیزی اشتباه است پنهان می‌شود.

برای رفع این مشکل، مطمئن شوید که `display_errors` و `display_startup_errors` را در [پیکربندی PHP](#php-configuration) تنظیم کرده‌اید و سپس Apache را مجدداً راه‌اندازی کنید.
### خطای"Access denied" موقع اجرای نصب

اگر حین اجرای اسکریپت نصب این خطا را دریافت می‌کنید، بدان معنی است که نام کاربری و کلمهٔ عبور تنظیم‌شده در فایل تنظیمات با آنچه در پایگاه داده تنظیم شده است تطابق ندارد. [ویدیو رفع مشکل](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F&t=973)


```
Database Error #1045: Access denied for user 'notdvwa'@'localhost' (using password: YES).
```

این پیام خطا به شما می‌گوید که در حال استفاده از نام کاربری `notdvwa` هستید.  

خطای زیر می گوید که فایل پیکربندی را به سمت پایگاه داده اشتباهی نشانه رفته اید. [راهنمای ویدیو](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F&t=630)
  

```
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
```

این به شما می‌گوید که با استفاده از نام کاربری `dvwa` در حال تلاش برای اتصال به پایگاه دادهٔ `notdvwa` هستید.  

اولین قدم این است که بررسی کنید نام کاربری، رمز عبور و نام پایگاه داده در فایل پیکربندی به‌درستی وارد شده‌اند یا خیر.

اگر مقادیر به درستی در فایل کانفیگ تعریف شده بودند، مرحلهٔ بعدی تلاش برای ورود با همان نام کاربری از طریق خط فرمان است. با فرض بر اینکه شما یک نام کاربری با نام `dvwa` و یک کلمهٔ عبور با مقدار `p@ssw0rd` دارید، می‌توانید دستور زیر را اجرا کنید:

```
mysql -u dvwa -pp@ssw0rd -D dvwa
```

*دقت کنید که هیچ فاصلهٔ خالی بعد از `-p` قرار ندارد. همچنین توجه داشته باشید که نوشتن کلمهٔ عبور در خط فرمان، آن را در تاریخچهٔ شل و فهرست پردازش‌ها قابل مشاهده می‌کند؛ اگر ترجیح می‌دهید، فقط `-p` را بنویسید تا کلمهٔ عبور از شما پرسیده شود.*

اگر یک چنین چیزی می‌بینید، کلمهٔ عبور شما صحیح است:

```
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```

از آنجا که از طریق خط فرمان به شکل موفقیت آمیز توانسته‌اید متصل شوید، به احتمال زیاد چیزی در فایل کانفیگ اشتباه است. مجدداً آن را بررسی کنید و اگر همچنان نتوانستید موفق شوید یک issue برای رسیدگی ایجاد کنید.

اگر خطای زیر را می‌بینید، یا نام کاربری یا کلمهٔ عبورتان اشتباه است. مراحل [نصب پایگاه داده](#database-setup) را مجدداً تکرار کنید و اطمینان حاصل کنید که در کل این فرایند از همان نام کاربری و کلمهٔ عبور استفاده می‌کنید.
  
```
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

اگر خطای زیر را می‌گیرید، بدین معنا است که نام کاربری و کلمهٔ عبور شما صحیح است، لیکن سطح دسترسی آن کاربر به پایگاه داده کافی نیست. در این حالت نیز مراحل نصب را تکرار کنید و نام پایگاه داده‌ای که به آن متصل می‌شوید را چک کنید.

```
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
```

  
آخرین خطایی که ممکن است دریافت کنید نیز به شرح زیر است:

```
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```

این یک خطای احراز هویت نیست، اما به شما می‌گوید که سرور پایگاه داده در حال اجرا نیست. آن را با دستور زیر اجرا کنید:
  
```sh
sudo service mysql start
```


### خطای اتصال

[ویدیو رفع مشکل](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F&t=444)

یک خطای مشابه هم میتوان مشاهده کرد

```mariadb
Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/sites/dvwa/non-secure/htdocs/dvwa/includes/dvwaPage.inc.php:535
```

به این معنی که سرور دیتابیس شما اجرا نشده است یا آدرس IP اشتباهی تعریف شده است.

برای دیدن محل مورد انتظار سرور پایگاه داده، این خط را در فایل پیکربندی بررسی کنید:

```php
$_DVWA[ 'db_server' ]   = '127.0.0.1';
```

سپس  بررسی کنید که ایا MariaDB در حال اجرا است؟
در لینوکس این کار را می‌توان با دستور زیر انجام داد:

```sh
systemctl status mariadb.service
```

در نتیجه این دستور باید همچین خروجی داشته باشد:

```sh
● mariadb.service - MariaDB 10.5.19 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-03-14 16:04:25 GMT; 1 week 5 days ago
```

اگه مقدار active (running) را مشاهده کردید یعنی سرویس MariaDB فعال می باشد.

اگر اجرا نشده بود، با دستور زیر آن را راه‌اندازی کنید (دقت کنید که دستور `start` است، نه `stop`):

```sh
sudo systemctl start mariadb.service
```

به `sudo` توجه کنید و در صورت درخواست، مطمئن شوید که رمز عبور کاربر لینوکس خود را وارد می‌کنید.

در ویندوز، وضعیت را در کنسول XAMPP بررسی کنید.

### روش ورود ناشناخته

در جدیدترین نسخه‌های MySQL، PHP دیگر نمی‌تواند با پیکربندی پیش‌فرض پایگاه داده ارتباط برقرار کند. اگر هنگام اجرای اسکریپت راه‌اندازی پیام زیر را دریافت کردید، یعنی پایگاه دادهٔ شما همین پیکربندی پیش‌فرض را دارد.

```
Database Error #2054: The server requested authentication method unknown to the client.
```

دو راه حل پیش رو دارید که آسان‌ترین آنها حذف مای‌اس‌کیو‌ال و نصب ماریادی‌بی بجای آن است. در پایین می‌توانید راهنمای رسمی پروژهٔ ماریادی‌بی را  ببینید:

<https://mariadb.com/resources/blog/how-to-migrate-from-mysql-to-mariadb-on-linux-in-five-steps/>

راه‌حل دیگر اجرای مراحل زیر است. توجه: `mysql_native_password` روش احراز هویت قدیمی‌تر و ضعیف‌تری نسبت به `caching_sha2_password` است؛ این تغییر فقط برای یک محیط آزمایشگاهی ایزوله قابل قبول است و نباید روی سرور پایگاه دادهٔ مشترک یا در دسترس از بیرون اعمال شود:
1. با کاربر روت، فایل `/etc/mysql/mysql.conf.d/mysqld.cnf` را برای ویرایش باز کنید.
2. زیر سطر `[mysqld]`، عبارت زیر را اضافه کنید:
`default-authentication-plugin=mysql_native_password`
3. سرویس پایگاه داده را ریستارت کنید:
`sudo service mysql restart`
4. حالت ارزیابی ورود را برای کاربرتان بررسی کنید:

    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------------------+-----------------------+
    | Host      | User             | plugin                |
    +-----------+------------------+-----------------------+
    | localhost | dvwa             | caching_sha2_password |
    +-----------+------------------+-----------------------+
    1 rows in set (0.00 sec)
    ```

5. احتمالاً `caching_sha2_password` به چشمتان خواهد خورد در این صورت دستور زیر را اجرا کنید:

    ```sql
    mysql> ALTER USER dvwa@localhost IDENTIFIED WITH mysql_native_password BY 'p@ssw0rd';
    ```
  
6. اگر دوباره بررسی کنید، ایندفعه می‌بایست `mysql_native_password` را ببینید.  

    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------+-----------------------+
    | Host      | User | plugin                |
    +-----------+------+-----------------------+
    | localhost | dvwa | mysql_native_password |
    +-----------+------+-----------------------+
    1 row in set (0.00 sec)
    ```

پس از تمام این کارها، الان فرایند نصب باید بتواند به صورت عادی انجام شود.

برای اطلاعات بیشتر صفحهٔ زیر را دنبال کنید:
 <https://www.php.net/manual/en/mysqli.requirements.php>.

### خطای شماره ۲۰۰۲ پایگاه داده: چنین فایل یا پوشه‌ای وجود ندارد

سرور پایگاه داده در حال اجرا نیست و در توزیع‌های مبتنی بر دبیان می‌توانید اینگونه مشکل را برطرف کنید:

```sh
sudo service mysql start
```

### خطاهای "MySQL server has gone away" و "Packets out of order"

چندین دلیل ممکن است برای گرفتن خطاهای بالا وجود داشته باشد. اما شایع‌ترینشان این است که نسخهٔ سرور پایگاه دادهٔ شما با نسخهٔ پی‌اچ‌پی سازگاری ندارد.

این ممکن است وقتی استفاده از آخرین نسخه‌های مای‌اسکیوال و پی‌اچ‌پی به خوبی پیش‌نرود مشاهده شود. بهترین توصیه کنارگذاشتن مای‌اسکیوال و نصب ماریا‌دی‌بی است چرا که این موضوعی نیست که بتوانیم پشتیبانی بیشتری در مورد آن بدهیم.

برای اطلاعات بیشتر اینجا را ببینید:

<https://www.ryadel.com/en/fix-mysql-server-gone-away-packets-order-similar-mysql-related-errors/>

### دلیل عدم اتصال به دیتابیس در CentOS

ممکن است با SELinux به مشکل برخورده باشید. به‌جای غیرفعال‌کردن کامل SELinux، بهتر است فقط با دستور زیر به وب‌سرور اجازه دهید به پایگاه داده متصل شود (گزینهٔ `-P` این تنظیم را پس از راه‌اندازی مجدد نیز حفظ می‌کند):

```sh
setsebool -P httpd_can_network_connect_db 1
```

### داکر MariaDB شروع به کار نمی‌کند

اگر هنگام تلاش برای شروع MariaDB خطای زیر را در گزارش‌های Docker مشاهده کردید، احتمالاً به دلیل کمبود حافظه کافی در دستگاه میزبان است. اگر از این در یک محیط میزبانی شده استفاده می‌کنید، بهترین راه حل افزایش اندازه دستگاه برای دریافت حافظه بیشتر و دوباره امتحان کردن است.

```sh
[Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.15+maria~ubu2204 started.
[Warn] [Entrypoint]: /sys/fs/cgroup///memory.pressure not writable, functionality unavailable to MariaDB
```

همچنین ممکن است لازم باشد خط زیر را به بخش `volumes` فایل `compose.yml` خود اضافه کنید:

```yaml
- /sys/fs/cgroup/memory.pressure:/sys/fs/cgroup/memory.pressure
```

### چیز دیگه ای می‌مونه

برای آخرین اطلاعات عیب‌یابی، لطفاً تیکت‌های باز و بسته را در مخزن گیت مطالعه کنید:

https://github.com/digininja/DVWA/issues

قبل از ارسال تیکت، لطفاً مطمئن شوید که آخرین نسخه کد را از مخزن اجرا می‌کنید. این آخرین نسخه نیست، این آخرین کد از شاخه اصلی است.

در صورت درخواست، لطفاً حداقل اطلاعات زیر را ارسال کنید:

- سیستم عامل
- ۵ خط آخر از گزارش خطای وب سرور بلافاصله پس از وقوع هر خطایی که گزارش می‌دهید
- اگر مشکل از احراز هویت پایگاه داده است، مراحل بالا را طی کنید و از هر مرحله اسکرین‌شات بگیرید. این مراحل را به همراه اسکرین‌شاتی از بخشی از فایل پیکربندی که نام کاربری و رمز عبور پایگاه داده را نشان می‌دهد ارسال کنید (این رمز در یک تیکت عمومی قرار می‌گیرد؛ پس از رمزی استفاده کنید که جای دیگری به کار نرفته باشد).
- شرح کاملی از مشکل، آنچه انتظار دارید اتفاق بیفتد و آنچه برای رفع آن تلاش کرده‌اید. عبارت «ورود به سیستم خراب است» برای درک مشکل شما و کمک به رفع آن برای ما کافی نیست.

- - -

## آموزش

من سعی می‌کنم چند ویدیوی آموزشی تهیه کنم که برخی از آسیب‌پذیری‌ها را بررسی کرده و نحوه شناسایی و سپس بهره‌برداری از آنها را نشان دهد. در اینجا ویدیوهایی که تاکنون ساخته‌ام را مشاهده می‌کنید:

[Finding and Exploiting Reflected XSS](https://youtu.be/V4MATqtdxss)

---

##  تزریق SQL در SQLite3

_پشتیبانی از این موضوع بسیار محدود است. قبل از ثبت خطا باید اطمینان داشته‌باشید برای کارکردن بر روی اشکالزدایی آمادگی کافی را داشته باشید. از مطرح‌کردن "فلان چیز کار نمی‌کند"  بپرهیزید_

به طور پیش‌فرض SQLi و Blind SQLi بر روی سرور ماریا‌دی‌بی یا مای‌اسکیوال استفاده شده در سایت انجام می‌شوند. اما این امکان وجود دارد که تست SQLi را بجای آن بر روی یک SQLite3‌ انجام دهید.

در اینجا چگونگی راه‌اندازی و کارکردن SQLite3 با PHP‌ توضیح داده نمی‌شود، اما چیز ساده‌ای در حد نصب `php-sqlite3` و اطمینان از فعال بودن آن را یادآوری می‌کنیم.

برای تغییر، کافیست فایل کانفیگ را ویرایش کنید و خطوط زیر را تغییر داده یا اضافه کنید:
  

```php
$_DVWA["SQLI_DB"] = "sqlite";
$_DVWA["SQLITE_DB"] = "sqli.db";
```

به طور پیش‌فرض از فایل `database/sqli.db` استفاده می‌شود. اگر به طور اتفاقی به این فایل آسیب زدید، آن را با کپی‌کردن `database/sqli.db.dist` بازسازی کنید.

باقی مسائل همانند مای‌اس‌کیو‌ال است با این تفاوت که از SQLite3 بجای آن استفاده کرده‌ایم.  

- - -

👨‍💻 مشارکت‌کنندگان
-----

از تمام مشارکت‌هایتان و به‌روزرسانی این پروژه متشکرم. :heart:

  اگر ایده‌ای، نوعی بهبود یا صرفاً تمایل به همکاری دارید، از مشارکت و حضور در پروژه استقبال می‌شود، لطفاً PR خود را ارسال کنید.

<p align="center">
    <a href="https://github.com/digininja/DVWA/graphs/contributors">
      <img src="https://contrib.rocks/image?repo=digininja/DVWA&max=500">
    </a>
</p>

- - -

## گزارش آسیب‌پذیری‌ها

ساده بگم، این کارو نکنید!

سالی یک بار، کسی گزارشی برای آسیب‌پذیری‌ای که در برنامه پیدا کرده است، ارسال می‌کند، برخی از آنها به خوبی نوشته شده‌اند، گاهی اوقات بهتر از آنچه در گزارش‌های تست نفوذ پولی دیده‌ام، برخی فقط می‌گویند «هدرها را گم کرده‌اید، به من پول بدهید».

در سال ۲۰۲۳، این موضوع به سطح کاملاً جدیدی ارتقا یافت، زمانی که کسی تصمیم گرفت برای یکی از آسیب‌پذیری‌ها درخواست CVE کند، [CVE-2023-39848](https://nvd.nist.gov/vuln/detail/CVE-2023-39848) به او داده شد. کلی سر و صدا به پا شد و وقت زیادی برای اصلاح این موضوع تلف شد.

این برنامه آسیب‌پذیری‌هایی دارد، و این عمدی است. اکثر آنها به خوبی مستند شده‌اند و شما به عنوان درس روی آنها کار می‌کنید، بقیه موارد "پنهان" هستند، مواردی که باید خودتان آنها را پیدا کنید. اگر واقعاً می‌خواهید مهارت‌های خود را در یافتن موارد اضافی پنهان نشان دهید، یک پست وبلاگ بنویسید یا یک ویدیو بسازید زیرا احتمالاً افرادی هستند که علاقه‌مند به یادگیری در مورد آنها و نحوه یافتن آنها توسط شما هستند. اگر لینک را برای ما ارسال کنید، حتی ممکن است آن را در منابع قرار دهیم.

## پیوندها

صفحهٔ اصلی پروژه: <https://github.com/digininja/DVWA>

*تهیه‌شده توسط تیم DVWA*

================================================
FILE: README.fr.md
================================================
# Translation / Traduction

Philibert Gentil:@[Philibert-Gentil](https://github.com/Philibert-Gentil)
Vous pouvez me contacter en cas d'erreur de traduction / d'interprétation.

- - -

# DAMN VULNERABLE WEB APPLICATION / BORDEL D'APPLICATION WEB VULNÉRABLE

Bordel d'application web vulnérable (BAWV, traduit DVWA) est une application web PHP/MySQL vulnérable. Son but principal est d'être une aide pour les experts en sécurité pour tester leurs compétences et outils dans un environnement légal, aider les développeurs web à mieux comprendre la sécurisation des applications web et d'aider les élèves et professeurs à apprendre la sécurité des applications web dans un environnement d'études.

L'objectif de BAWV est **d'expérimenter les vulnérabilités web les plus communes**, avec **différents niveaux de difficulté**, avec une interface intuitive.
Notez qu'il existe des **vulnérabilités documentées ou non** dans ce programme. C'est intentionnel. Vous êtes encouragés à essayer de découvrir autant de failles que possible.
- - -

## ATTENTION !

Bordel D'application web vulnérable est vachement vulnérable ! **Ne la publiez pas dans le dossier html public de votre hébergeur ni sur aucun serveur visible sur internet**, ou ils seront compromis. Il est recommandé d'utiliser une machine virtuelle (comme [VirtualBox](https://www.virtualbox.org/) ou [VMware](https://www.vmware.com/)), réglée en mode réseau NAT. Dans la machine invitée, vous pouvez télécharger et installer [XAMPP](https://www.apachefriends.org/) pour le serveur web et la base de données.

### Non-responsabilité

Nous ne sommes pas responsables de la manière dont vous utilisez BAWV. Nous avons clairement défini les objectifs de l'application et elle ne doit pas être utilisée de manière malveillante. Nous vous avons averti et avons pris les mesures nécessaires pour informer les utilisateurs de BAWV à propos de son installation sur un serveur. Si votre serveur est compromis à cause d'une installation de BAWV, il n'en découle pas de notre responsabilité, mais de celle de la/les personne(s) qui l'a/ont téléchargée, installée ou déployée.
- - -

## License

Ce fichier fait partie du bordel d'application web vulnérable (BAWV)

Bordel d'application web vulnérable (BAWV) est un logiciel libre: vous pouvez le re-distribuer et/ou le modifier en respectant les termes de la licence publique générale GNU (GNU General Public License) tel que publié par
La fondation des logiciels libres (the Free Software Foundation),
soit la troisième version de la licence, soit une version ultérieure.

Bordel d'application web vulnérable (BAWV) est distribué dans l'espoir qu'il vous sera utile,
mais SANS GARANTIE; sans même la garantie implicite de qualité professionnelle ou particulière.
Voyez la licence publique générale GNU pour plus de détails.

Vous devriez avoir reçu une copie de la licence publique générale GNU
en même temps que le bordel d'application web vulnérable (BAWV). Sinon, consultez <https://www.gnu.org/licenses/>.
- - -

## Internationalisation

Ce fichier est disponible dans les langues suivantes :
- Chinois: [简体中文](README.zh.md)
- Turc: [Türkçe](README.tr.md)
- Anglais: [English](README.md)

Si vous souhaitez contribuer à la traduction, faites une demande d'extraction (pull request, PR). Par contre, ça ne doit pas être juste du Google Trad, ou ce sera rejeté.

- - -

## Téléchargement

Même s'il y a diverses versions de BAVW, la seule version soutenue via cette source du dépôt GitHub est celle-ci. Vous pouvez la cloner depuis le dépôt suivant :

```
git clone https://github.com/digininja/DVWA.git
```

Ou [télécharger le fichier zippé](https://github.com/digininja/DVWA/archive/master.zip).
- - -

## Installation

**Soyez sûrs que le fichier config/config.inc.php existe. Avoir le fichier config.inc.php.dist ne suffira pas, vous devrez le modifier par rapport à votre environnement et le renommer config.inc.php. [Windows cachera peut-être l'extension](https://lecrabeinfo.net/afficher-extensions-noms-de-fichiers-dans-windows.html)**

## Vidéos d'installation
- (en anglais) [Installing DVWA on Kali running in VirtualBox](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- (En anglais) [Installing Damn Vulnerable Web Application (DVWA) on Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo) \[12:39 minutes\]

### Win + XAMPP

La solution la plus facile pour installer BAVW est de télécharger et d'installer [XAMPP](https://www.apachefriends.org/) si vous n'avez pas déjà de serveur web.

XAMPP est une distribution apache pour Linux, Solaris, Windows et MacOS très facile d'installation. Le paquet inclut le serveur web apache, MySQL, PHP, Perl, un serveur FTP et phpMyAdmin.

XAMPP peut être téléchargé depuis :
<https://www.apachefriends.org/>

Dézippez simplement dvwa.zip, placez le fichier décompressé dans votre fichier HTML public, puis allez avec votre navigateur sur `http://localhost/dvwa/setup.php`

### Paquets Linux

Si vous utilisez une distribution basée sur Debian (Debian, Ubuntu, Kali, Parrot, Raspberry Pi OS, etc.), vous devez installer les paquets suivants _(ou leurs équivalents)_:

- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php
- php-mysql
- php-gd
- php-mbstring

La commande suivante vous permet de les installer.

`apt install apache2 mariadb-server php php-mysql php-gd php-mbstring libapache2-mod-php`

Note : php-mbstring permet de gérer les caractères européens, arabes, asiatiques, etc., et notamment le jeu de caractères UTF-8. Ne pas l'installer peut entraîner des problèmes d'affichage si votre langue utilise des caractères en dehors de l'ASCII.

Le site fonctionnera avec MySQL à la place de MariaDB mais nous recommandons fortement MariaDB car cela fonctionne directement, contrairement à MySQL dont vous devrez modifier la configuration (voir la section « Méthode d'identification inconnue » dans le dépannage).

### Paramétrage de la base de données

Pour créer une base de données (BDD), cliquez simplement sur le bouton `Setup DVWA` (configurer BAWV) dans le menu principal puis cliquez sur le bouton `Create / Reset Database` (créez / réinitialisez la BDD). Cela créera / réinitialisera la BDD pour vous avec des données dedans.

Si vous rencontrez une erreur en essayant de créer la BDD, assurez-vous que les identifiants de la BDD sont corrects dans `./config/config.inc.php`. *Ils diffèrent de ceux de config.inc.php.dist, qui n'est qu'un fichier modèle*.

Les variables sont définies comme ceci par défaut:

```php
$_DVWA[ 'db_server'] = '127.0.0.1'; //l'IP du serveur
$_DVWA[ 'db_port'] = '3306'; //Le port pour accéder à la BDD
$_DVWA[ 'db_user' ] = 'dvwa'; //L'utilisateur de la BDD
$_DVWA[ 'db_password' ] = 'p@ssw0rd'; //Le mdp
$_DVWA[ 'db_database' ] = 'dvwa'; //Le nom de la BDD
```

PS : si vous utilisez MariaDB plutôt que MySQL (MariaDB est là par défaut sur Kali), vous ne pouvez pas utiliser la BDD en tant que root, vous devez créer un nouvel utilisateur. C'est de toute façon préférable : l'application n'a besoin de droits que sur la base `dvwa`, pas sur tout le serveur. Pour cela, connectez-vous à la BDD en tant que super-administrateur (root) dans un terminal et tapez les commandes suivantes :

```mysql
mysql> create database dvwa; -- On crée la BDD
Query OK, 1 row affected (0.00 sec)

mysql> create user dvwa@localhost identified by 'p@ssw0rd'; -- On crée l'utilisateur
Query OK, 0 rows affected (0.01 sec)

mysql> grant all on dvwa.* to dvwa@localhost; -- On lui donne toutes les permissions, mais uniquement sur la BDD dvwa
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges; -- On recharge les privilèges
Query OK, 0 rows affected (0.00 sec)
```

### Autres configurations

En fonction de votre système d'exploitaiton (SE), tout comme la version de PHP, vous devrez peut-être modifier la configuration initiale. La localisation des fichiers sera éventuellement différente, selon votre machine.

**Permissions du fichier**

* `./hackable/uploads/` - Doit être disponible en écriture par le serveur web (des fichiers y seront uploadés).
* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - Doit être disponible en écriture par le serveur web (si vous voulez utiliser les PHPIDS).

**Configuration PHP**

* `allow_url_include = on` - Autorise l'utilisation du gestionnaire des URL par certaines fonctions (RFI)   [[allow_url_include](https://secure.php.net/manual/fr/filesystem.configuration.php#ini.allow-url-include)]
* `allow_url_fopen = on` -  Autorisation pour l'accès au fichiers (RFI)    [[allow_url_fopen](https://secure.php.net/manual/fr/filesystem.configuration.php#ini.allow-url-fopen)]
* `safe_mode = off` - (Si PHP <= v5.4) Autorise l'injection SQL (SQLi) [[safe_mode](https://secure.php.net/manual/fr/features.safe-mode.php)]
* `magic_quotes_gpc = off` - (Si PHP <= v5.4) Autorise l'injection SQL (SQLi) [[magic_quotes_gpc](https://secure.php.net/manual/fr/security.magicquotes.php)]
* `display_errors = off` - (Optional) Cache les messages d'avertissement PHP [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]

**Fichier: `config/config.inc.php`**:

* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - Ces valeurs doivent être générées depuis: https://www.google.com/recaptcha/admin/create

### Identifiants par défaut

**Identifiant par défaut = `admin`**

**Clef par défaut = `password`**

_... peut être facilement craqué ;)_
URL de connexion : http://127.0.0.1/login.php
_PS: Ce sera différent si vous installez BAWV dans un autre fichier._
- - -

## Container Docker
_Cette section du fichier à été ajouté par @thegrims, pour de l'aide à propos d'erreurs docker, veuillez le contacter ou contactez @opsxcq, qui est le maître du dépôt et de l'image docker. Un signalement d'erreur lui sera sûrement adressé et celle-ci sera collematée_

- [page dockerhub](https://hub.docker.com/r/vulnerables/web-dvwa/)
`docker run --rm -it -p 80:80 vulnerables/web-dvwa`

Soyez sûrs d'utiliser AUFS à cause d'erreurs antérieures de MySQL. Lancez `docker info` pour vérifier le pilote de stockage. S'il n'est pas en AUFS, veuillez le changer. Il y a un manuel pour chaque SE (OS), mais ils sont tellement différents que nous n'aborderons pas ce sujet.

### Construction locale

Si vous avez fait des changements et voulez construire le projet à partir de votre version locale, éditez le fichier `compose.yml` et changez `pull_policy: always` en `pull_policy: build`.

Exécuter la commande `docker compose up -d` va amener Docker à construire une image à partir de votre version locale, sans tenir compte de ce qui est disponible dans le registre.

Pour plus d'informations (En anglais): [`pull_policy`](https://github.com/compose-spec/compose-spec/blob/master/05-services.md#pull_policy).

### Servir les fichiers locaux

Si vous faites des changements et ne voulez pas avoir à reconstruire l'image après chaque changement :

1. Éditer le fichier `compose.yml` et décommenter :
    ```
        # volumes:
        #   - ./:/var/www/html
    ```
2. Exécuter `cp config/config.inc.php.dist config/config.inc.php` pour copier le fichier de configuration par défaut.
3. Exécuter `docker compose up -d` et les changements aux fichiers locaux seront répercutés dans le conteneur.

- - -

## Dépannage

Nous considérons que vous êtes sur une distribution basée sur Debian, comme Debian, Ubuntu, Kali ou Raspberry pi OS. Pour les autres distributions, suivez les instructions en adaptant les commandes à votre distribution.

### Le site me donne une erreur 404

Si vous avez ce problème, vous devez comprendre la localisation des fichiers. Par défaut, le dossier racine d'Apache (l'endroit où il cherche le contenu du site) est `/var/www/html`. Si vous mettez un fichier nommé `salut.txt` dans ce dossier, vous devrez, pour y accéder, noter `http://localhost/salut.txt`.

Si vous créer un dossier et que vous y mettez un fichier - `/var/www/html/mondossier/salut.txt` - vous devrez écrire `http://localhost/mondossier/salut.txt`.

Linux est sensible à la casse (par exemple, "E" n'est pas la même lettre que "e" dans un nom de fichier), donc vous pourriez tomber sur un 404 si vous n'y prenez pas garde.
Les URL suivantes vous donneront une erreur 404 :
- `http://localhost/MonDossier/salut.txt`
- `http://localhost/mondossier/Salut.txt`
- `http://localhost/MONDOSSIER/salut.txt`

Pourquoi cela affecte-t-il BAWV ? La plupart des gens utilisent Git pour cloner BAWV dans leur répertoire `/var/www/html`, ce qui leur donne le chemin `/var/www/html/DVWA` avec tous les fichiers de BAWV dedans. Du coup, si vous ouvrez `http://localhost/`, cela vous retourne une erreur 404 ou la page par défaut d'Apache. Comme les fichiers sont dans le dossier DVWA, vous devez ouvrir `http://localhost/DVWA/`.

L'autre erreur commune est de rechercher `http://localhost/dvwa` ce qui retourne une erreur 404 parce que `dvwa` n'est pas pareil que `DVWA`, à cause de la casse.

Après la configuration, si vous obtenez une erreur 404, réfléchissez à l'endroit où vous avez placé les fichiers, à leur position par rapport au dossier racine du serveur web, et à la casse exacte des dossiers dans lesquels ils se trouvent.

### "Accès refusé" pendant la configuration

Si vous avez l'erreur suivante en exécutant le programme de configuration, cela veut dire que l'identifiant et le mot de passe définis dans le fichier de configuration ne correspondent pas à ceux de la BDD.

```
Database Error #1045: Access denied for user 'nimporte'@'localhost' (using password: YES).
//signifie: "Erreur de la BDD #1045: accès refusé pour l'utilisateur 'nimporte'@'localhost' (utilise un mdp: OUI)"
```

Cette erreur signifie que vous utilisez le nom d'utilisateur `nimporte`.

L'erreur suivante dit que le fichier de configuration pointe vers une mauvaise base de données.

```
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
//signifie : "SQL: Accès refusé pour l'utilisateur 'dvwa'@'localhost' à la BDD `notdvwa`."
```

Ça dit que vous vous connectez en tant que `dvwa` et que vous essayez d'accéder à la BDD `notdvwa`.

La première chose à faire est de revérifier ce que vous avez renseigné dans le fichier de configuration.

Si les informations semblent correctes, l'étape suivante est d'essayer de vous connecter avec cet utilisateur en ligne de commande. Considérons que vous avez un utilisateur nommé `dvwa` et un mot de passe `p@ssw0rd` ; lancez la commande suivante (le `-p` seul, sans le mot de passe, évite de laisser celui-ci dans l'historique du shell) :

```
mysql -u dvwa -p -D dvwa
//puis tapez votre mot de passe dans le champ qui apparaît
```

Si le texte suivant apparaît (peut varier), les identifiants sont corrects:
```
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```
Puisque vous pouvez vous connecter en ligne de commande, il y a quelque chose qui cloche dans le fichier de configuration : re-vérifiez-le et signalez-nous une erreur (sur GitHub) si vous n'arrivez pas à la trouver.

Si le texte qui est apparu est le suivant, les identifiants sont incorrects. Répétez la [configuration de la base de données](#paramétrage-de-la-base-de-données) et soyez sûrs d'utiliser toujours les mêmes identifiants durant la procédure.
```
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
//signifie: "Erreur 1045 (28000): Accès refusé pour l'utilisateur 'dvwa'@'localhost' (clé renseignée: OUI)"
```

Si vous obtenez l'erreur suivante, les identifiants sont corrects mais l'utilisateur n'a pas accès à la base de données.
Réitérez aussi le paramétrage de la base de données et vérifiez le nom de la base de données.
```
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
//signifie: "Erreur 1044 (42000): Accès refusé pour l'utilisateur 'dvwa'@'localhost' à la BDD 'dvwa'."
```

La dernière erreur peut être celle-ci :
```
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```
Ce n'est pas une erreur d'authentification, c'est juste que le serveur de BDD n'est pas démarré. Démarrez-le en tapant :
```sh
sudo service mysql start
```

### Méthode d'identification inconnue

Avec les versions les plus récentes de MySQL, PHP ne peut plus échanger avec la BDD dans sa configuration initiale. Si vous obtenez cette erreur, c'est que vous possédez cette configuration :(.
```
Database Error #2054: The server requested authentication method unknown to the client.
//Signification : "Erreur de BDD #2054 : le serveur a demandé une méthode d'authentification inconnue du client."
```

Vous avez deux options, la plus simple étant de désinstaller MySQL et d'installer MariaDB. Ce lien vous envoie vers le manuel officiel de MariaDB :
<https://mariadb.com/resources/blog/how-to-migrate-from-mysql-to-mariadb-on-linux-in-five-steps/> (en anglais)

Sinon, suivez ces étapes:

1. En tant que root, éditez le fichier `/etc/mysql/mysql.conf.d/mysqld.cnf`
1. sous la ligne `[mysqld]`, ajoutez
   `default-authentication-plugin=mysql_native_password`
1. redémarrez MySQL: `sudo service mysql restart`
1. Vérifiez la méthode d'authentification de votre utilisateur :
   ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------------------+-----------------------+
    | Host      | User             | plugin                |
    +-----------+------------------+-----------------------+
    | localhost | dvwa             | caching_sha2_password |
    +-----------+------------------+-----------------------+
    1 rows in set (0.00 sec)
    ```
1. Vous verrez probablement `caching_sha2_password`. Si c'est le cas, tapez:
   ```sql
    mysql> ALTER USER dvwa@localhost IDENTIFIED WITH mysql_native_password BY 'p@ssw0rd';
    ```
1. Relancez la vérification, vous devriez voir `mysql_native_password`.
    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------+-----------------------+
    | Host      | User | plugin                |
    +-----------+------+-----------------------+
    | localhost | dvwa | mysql_native_password |
    +-----------+------+-----------------------+
    1 row in set (0.00 sec)
    ```
Après tout ça, le processus de configuration devrait fonctionner.
Pour plus d'infos, voyez: <https://www.php.net/manual/fr/mysqli.requirements.php>.

### Database Error #2002: No such file or directory.

Le serveur de BDD est inactif. Sur une distro basée Debian, tapez:
```sh
sudo service mysql start
```
### Erreurs "MySQL server has gone away" et "Packets out of order"

Vous pourriez rencontrer cette erreur pour maintes raisons, mais la plus plausible est que la version de votre SGBDD est incompatible avec PHP.
Cela se produit généralement quand vous utilisez la dernière version de MySQL mais pas celle de PHP, et que les deux ne fonctionnent pas bien ensemble. Notre meilleur conseil est de désinstaller MySQL et d'installer MariaDB ; sinon, nous ne pouvons pas vous aider.

### L'injection de commande ne fonctionne pas

Apache n'a peut-être pas assez de privilèges pour exécuter des commandes sur le serveur web. Si vous utilisez BAWV sous Linux, veillez à être connecté en tant que root et, sous Windows, en tant qu'administrateur.

### Pourquoi ne puis-je pas me connecter à ma BDD sous CentOS

Vous avez sûrement des problèmes avec SELinux. Désinstallez SELinux ou lancez cette commande pour autoriser le serveur web à communiquer avec la base de données :
```
setsebool -P httpd_can_network_connect_db 1
```

### Autre chose

Si vous avez besoin d'aide, lisez les rapports d'erreurs ouverts et/ou fermés dans le dépôt git :
<https://github.com/digininja/DVWA/issues>

Avant d'envoyer un rapport, soyez sûr d'utiliser la dernière version du code du dépôt : pas seulement la dernière version publiée, mais le dernier code de la branche principale (master).

Si vous envoyez un rapport, renseignez ces informations:
- Système d'exploitation
- Les cinq dernières lignes du journal (log) du serveur web juste après la déclaration de votre erreur
- Si c'est un problème de connexion à la base de données, effectuez les étapes renseignées ci-dessus et faites une capture d'écran de chacune d'entre elles, ainsi que de la partie du fichier de configuration contenant vos identifiants.
- une description détaillée de ce qui ne va pas, de ce que vous espériez qu'il arrive, et de comment vous avez essayé de résoudre le problème. "problème de connexion" n'est pas assez détaillé pour nous aider à résoudre votre problème.
- - -

## Injection SQL SQLite3

_Le support pour cette section est limité ; avant d'envoyer un rapport d'erreur, soyez préparé à faire un débogage, ne déclarez pas juste "ça marche pas !"._

Par défaut, SQLi et Blind SQLi sont exécutés sur les serveurs MariaDB/MySQL utilisés par le site mais il est possible de basculer vers des tests SQLi sur SQLite3 à la place.

Je ne vais pas expliquer comment utiliser SQLite3 avec PHP ; il devrait suffire d'installer le paquet `php-sqlite3` et de s'assurer qu'il est activé.
Pour faire ce changement, éditez le fichier de configuration et modifiez ces lignes :

```
$_DVWA["SQLI_DB"] = "sqlite";
$_DVWA["SQLITE_DB"] = "sqli.db";
```
Par défaut, ça utilise le fichier `database/sqli.db`, si vous vous gourrez, copiez `database/sqli.db.dist` par dessus.

Les challenges sont exactement les mêmes que pour MySQL, ils sont juste exécutés sur SQLite3.
- - -

## Liens

Dépôt GitHub: <https://github.com/digininja/DVWA>

Créé par l'équipe BAWV.


================================================
FILE: README.id.md
================================================
# DAMN VULNERABLE WEB APPLICATION / APLIKASI WEB YANG RENTAN TERHADAP ANCAMAN

Damn Vulnerable Web Application (DVWA) atau yang dapat diartikan sebagai Aplikasi Web Yang Rentan Terhadap Ancaman merupakan aplikasi web berbasis PHP/MySQL yang sangat rentan. 
Tujuan utamanya adalah menjadi alat bantu bagi para profesional keamanan untuk menguji keterampilan dan alat mereka dalam lingkungan hukum. 
DVWA juga bertujuan membantu pengembang web memahami proses pengamanan aplikasi web serta memberikan dukungan bagi siswa dan guru untuk mempelajari keamanan aplikasi web dalam lingkungan kelas yang terkendali.

Tujuan dari DVWA adalah **melatih pengguna dalam menghadapi beberapa kerentanan web paling umum** dengan **berbagai tingkat kesulitan**, yang disajikan melalui antarmuka yang sederhana dan langsung. Harap dicatat bahwa **ada kerentanan yang didokumentasikan dan tidak didokumentasikan** dalam perangkat lunak ini. Hal ini sengaja dilakukan untuk mendorong pengguna mencoba dan menemukan sebanyak mungkin masalah.

## PERINGATAN

Damn Vulnerable Web Application sangat rentan! **Jangan mengunggahnya ke folder html publik penyedia hosting Anda atau server yang terhubung langsung ke internet** karena dapat mengakibatkan kompromi keamanan. 
Disarankan untuk menggunakan mesin virtual (seperti [VirtualBox](https://www.virtualbox.org/) atau [VMware](https://www.vmware.com/)), yang diatur dalam mode jaringan NAT. 
Di dalam mesin virtual, Anda dapat mengunduh dan menginstal [XAMPP](https://www.apachefriends.org/) untuk web server dan database.

### Penyangkalan

Kami tidak bertanggung jawab atas cara penggunaan aplikasi ini (DVWA) oleh siapa pun. 
Tujuan dari aplikasi ini telah kami jelaskan dan seharusnya tidak digunakan dengan niat jahat. 
Kami telah memberikan peringatan dan mengambil langkah-langkah untuk mencegah pengguna menginstal DVWA di server web aktif secara langsung. 
Jika server web Anda terpengaruh melalui instalasi DVWA, itu bukan tanggung jawab kami melainkan tanggung jawab orang/orang yang mengunggah dan menginstalnya.

- - -

## Lisensi

Berkas ini merupakan bagian dari Damn Vulnerable Web Application (DVWA).

Damn Vulnerable Web Application (DVWA) adalah perangkat lunak bebas: Anda dapat mendistribusikannya dan/atau mengubahnya
sesuai dengan ketentuan Lisensi Umum GNU yang diterbitkan oleh
Free Software Foundation, versi 3 Lisensi, atau
(pilihan Anda) versi selanjutnya.

Damn Vulnerable Web Application (DVWA) didistribusikan dengan harapan akan bermanfaat,
tetapi TANPA GARANSI APA PUN; tanpa garansi tersirat pun
DAGANG atau SESUAI UNTUK TUJUAN TERTENTU. Lihat
Lisensi Umum GNU untuk lebih banyak detail.

Anda seharusnya telah menerima salinan Lisensi Umum GNU bersama dengan Damn Vulnerable Web Application (DVWA). Jika tidak, lihat <https://www.gnu.org/licenses/>.

- - -

## Internasionalisasi

Berkas ini tersedia dalam beberapa bahasa:
- Arab: [العربية](README.ar.md)
- Tiongkok: [简体中文](README.zh.md)
- Perancis: [Français](README.fr.md)
- Persia: [فارسی](README.fa.md)
- Portugis: [Português](README.pt.md)
- Spanyol: [Español](README.es.md)
- Turki: [Türkçe](README.tr.md)
- Indonesia: [Bahasa Indonesia](README.id.md)

Jika Anda ingin berkontribusi dengan terjemahan, silakan kirimkan PR (Permintaan Tarik). 
Namun perlu diperhatikan, ini bukan berarti hanya menjalankannya melalui Google Translate dan mengirimkannya, karena itu akan ditolak. 
Kirimkan versi terjemahan Anda dengan menambahkan file baru 'README.xx.md' di mana xx adalah kode dua huruf dari bahasa yang Anda inginkan (berdasarkan [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes)).

- - -

## Unduh

Meskipun terdapat berbagai versi DVWA, satu-satunya versi yang didukung adalah sumber terbaru dari repositori resmi GitHub. 
Anda dapat mengklonnya dari repositori: 
`git clone https://github.com/digininja/DVWA.git`

Atau [unduh arsip ZIP dari file-file](https://github.com/digininja/DVWA/archive/master.zip).

- - -

## Instalasi

### Video Instalasi

- [Instalasi DVWA di Kali yang berjalan di VirtualBox](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- [Instalasi DVWA di Windows menggunakan XAMPP](https://youtu.be/Yzksa_WjnY0)
- [Instalasi Damn Vulnerable Web Application (DVWA) di Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo)

### Windows + XAMPP

Cara paling mudah untuk menginstal DVWA adalah dengan mengunduh dan menginstal [XAMPP](https://www.apachefriends.org/) jika Anda belum memiliki pengaturan server web.
XAMPP adalah Distribusi Apache yang sangat mudah diinstal untuk Linux, Solaris, Windows, dan Mac OS X. Paket ini mencakup server web Apache, MySQL, PHP, Perl, server FTP, dan phpMyAdmin.
[Video ini](https://youtu.be/Yzksa_WjnY0) memandu Anda melalui proses instalasi untuk Windows, tetapi seharusnya serupa untuk OS lainnya.

### Docker

Terima kasih kepada [hoang-himself](https://github.com/hoang-himself) dan [JGillam](https://github.com/JGillam), setiap commit ke cabang `master` menyebabkan pembangunan Docker image dan siap untuk diunduh dari GitHub Container Registry.

Untuk informasi lebih lanjut tentang apa yang Anda dapatkan, Anda dapat menjelajahi [Docker images yang sudah dibangun sebelumnya](https://github.com/digininja/DVWA/pkgs/container/dvwa).

#### Memulai

Prasyarat: Docker dan Docker Compose.

- Jika Anda menggunakan Docker Desktop, keduanya seharusnya sudah terinstal.
- Jika Anda lebih memilih Docker Engine di Linux, pastikan untuk mengikuti [panduan instalasi mereka](https://docs.docker.com/engine/install/#server).

**Kami memberikan dukungan untuk rilis Docker terbaru seperti yang ditunjukkan di atas.**
Jika Anda menggunakan Linux dan paket Docker yang disertakan dengan pengelola paket Anda, kemungkinan besar juga akan berfungsi, tetapi dukungan akan berusaha sebaik mungkin.

Memperbarui Docker dari versi paket manajer ke upstream memerlukan penghapusan versi lama seperti yang terlihat dalam panduan mereka untuk [Ubuntu](https://docs.docker.com/engine/install/ubuntu/#uninstall-old-versions), [Fedora](https://docs.docker.com/engine/install/fedora/#uninstall-old-versions), dan lainnya.
Data Docker Anda (container, gambar, volume, dll.) seharusnya tidak terpengaruh, tetapi jika Anda mengalami masalah, pastikan untuk [memberi tahu Docker](https://www.docker.com/support) dan gunakan mesin pencari dalam waktu yang bersamaan.

Kemudian, untuk memulai:

1. Jalankan `docker version` dan `docker compose version` untuk melihat apakah Docker dan Docker Compose terinstal dengan benar. Anda seharusnya dapat melihat versi mereka dalam output.

    Contoh:

    ```text
    >>> docker version
    Client:
     [...]
     Version:           23.0.5
     [...]

    Server: Docker Desktop 4.19.0 (106363)
     Engine:
      [...]
      Version:          23.0.5
      [...]

    >>> docker compose version
    Docker Compose version v2.17.3
    ```

    Jika Anda tidak melihat apa-apa atau mendapatkan pesan kesalahan "command not found" ikuti prasyarat untuk menyiapkan Docker dan Docker Compose.

2. Klon atau unduh repositori ini dan ekstrak (lihat [Unduh](#unduh)).
3. Buka terminal pilihan Anda dan ubah direktori kerjanya ke dalam folder ini (`DVWA`).
4. Jalankan `docker compose up -d`.

DVWA sekarang tersedia di `http://localhost:4280`.

**Perhatikan bahwa untuk menjalankan DVWA dalam kontainer, server web mendengarkan port 4280 daripada port biasa 80.**
Untuk informasi lebih lanjut mengenai keputusan ini, lihat [Saya ingin menjalankan DVWA di port yang berbeda](#saya-ingin-menjalankan-dvwa-di-port-yang-berbeda).

#### Pembangunan Lokal

Jika Anda melakukan perubahan lokal dan ingin membangun proyek dari lokal, buka `compose.yml` dan ubah `pull_policy: always` menjadi `pull_policy: build`.

Menjalankan `docker compose up -d` seharusnya akan memicu Docker untuk membangun gambar dari lokal tanpa memperdulikan apa yang tersedia di registri.

Lihat juga: [`pull_policy`](https://github.com/compose-spec/compose-spec/blob/master/05-services.md#pull_policy).

### Paket-paket Linux

Jika Anda menggunakan distribusi Linux berbasis Debian, Anda perlu menginstal paket-paket berikut _(atau yang setara)_:

- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php php-mysqli
- php-gd

Saya sarankan melakukan pembaruan sebelumnya, agar Anda memastikan mendapatkan versi terbaru dari semuanya.
```
apt update
apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
```
Situs akan berfungsi dengan MySQL alih-alih MariaDB, tetapi kami sangat menyarankan MariaDB karena berfungsi tanpa masalah sedangkan Anda harus melakukan perubahan agar MySQL dapat berfungsi dengan benar.

## Konfigurasi

### Berkas Konfigurasi

DVWA disertakan dengan salinan palsu dari berkas konfigurasinya yang perlu Anda salin dan lakukan perubahan yang sesuai. Pada Linux, bila Anda berada di direktori DVWA, langkah ini dapat dilakukan seperti berikut:

`cp config/config.inc.php.dist config/config.inc.php`

Pada Windows, langkah ini mungkin sedikit lebih sulit jika ekstensi file disembunyikan. Jika Anda tidak yakin mengenai hal ini, blog post berikut menjelaskan lebih lanjut:

[Cara Membuat Windows Menampilkan Ekstensi File](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)

### Pengaturan Database

Untuk mengatur database, cukup klik tombol `Setup DVWA` di menu utama, kemudian klik tombol `Create / Reset Database`. Ini akan membuat/mereset database untuk Anda dengan beberapa data di dalamnya.

Jika Anda menerima pesan kesalahan saat mencoba membuat database Anda, pastikan kredensial database Anda benar dalam `./config/config.inc.php`. *Ini berbeda dari config.inc.php.dist, yang merupakan berkas contoh.*

Variabel-variabelnya diatur secara default sebagai berikut:
```
$_DVWA['db_server'] = '127.0.0.1';
$_DVWA['db_port'] = '3306';
$_DVWA['db_user'] = 'dvwa';
$_DVWA['db_password'] = 'p@ssw0rd';
$_DVWA['db_database'] = 'dvwa';
```

Perhatikan, jika Anda menggunakan MariaDB daripada MySQL (MariaDB adalah default di Kali), maka Anda tidak dapat menggunakan pengguna root database, Anda harus membuat pengguna database baru. Untuk melakukannya, sambungkan ke database sebagai pengguna root kemudian gunakan perintah-perintah berikut:
```
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)

mysql> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```

### Menonaktifkan Otentikasi

Beberapa alat tidak berfungsi dengan baik dengan otentikasi sehingga tidak dapat digunakan dengan DVWA. Untuk mengatasi ini, ada opsi konfigurasi untuk menonaktifkan pemeriksaan otentikasi. Untuk melakukannya, cukup atur yang berikut dalam berkas konfigurasi:

```
$_DVWA['disable_authentication'] = true;
```

Anda juga perlu mengatur tingkat keamanan ke tingkat yang sesuai dengan pengujian yang ingin Anda lakukan:
```
$_DVWA['default_security_level'] = 'low';
```

Dalam kondisi ini, Anda dapat mengakses semua fitur tanpa perlu masuk dan mengatur cookie apapun.

### Izin Folder

* `./hackable/uploads/` - Perlu dapat ditulisi oleh layanan web (untuk Unggahan File).

### Konfigurasi PHP

Pada sistem Linux, kemungkinan ditemukan di `/etc/php/x.x/fpm/php.ini` atau `/etc/php/x.x/apache2/php.ini`.

* Untuk mengizinkan Remote File Inclusions (RFI):
    * `allow_url_include = on` [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
    * `allow_url_fopen = on` [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]

* Untuk memastikan PHP menampilkan semua pesan kesalahan:
    * `display_errors = on` [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]
    * `display_startup_errors = on` [[display_startup_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-startup-errors)]

Pastikan Anda me-restart layanan php atau Apache setelah melakukan perubahan.

### reCAPTCHA

Ini hanya diperlukan untuk lab "Insecure CAPTCHA", jika Anda tidak bermain dengan lab tersebut, Anda dapat mengabaikan bagian ini.

Buat sepasang kunci API dari <https://www.google.com/recaptcha/admin/create>.

Kemudian masukkan kunci-kunci tersebut ke bagian-bagian berikut di dalam `./config/config.inc.php`:

* `$_DVWA['recaptcha_public_key']`
* `$_DVWA['recaptcha_private_key']`

### Kredensial Default

**Username default = `admin`**

**Password default = `password`**

_...dapat dengan mudah di-brute force ;)_

URL Login: http://127.0.0.1/login.php

_Catatan: Ini akan berbeda jika Anda menginstal DVWA ke direktori yang berbeda._

## Pemecahan Masalah

Asumsi ini berlaku jika Anda menggunakan distribusi berbasis Debian, seperti Debian, Ubuntu, dan Kali. Untuk distribusi lainnya, ikuti langkah-langkah ini, tetapi perbarui perintah sesuai kebutuhan.

### Kontainer

#### Saya ingin mengakses log

Jika Anda menggunakan Docker Desktop, log dapat diakses dari aplikasi grafis.
Beberapa detail kecil mungkin berubah dengan versi terbaru, tetapi metode akses seharusnya tetap sama.

![Overview of DVWA compose](./docs/graphics/docker/overview.png)

![Viewing DVWA logs](docs/graphics/docker/detail.png)

Log juga dapat diakses dari terminal.

1. Buka terminal dan ubah direktori kerjanya ke DVWA.
2. Tampilkan log yang telah digabungkan.

    ```
    docker compose logs
    ```

   Jika Anda ingin mengekspor log ke file, misalnya `dvwa.log`

   ```
   docker compose logs >dvwa.log
   ```

#### Saya ingin menjalankan DVWA di port yang berbeda

Kami tidak menggunakan port 80 secara default karena beberapa alasan:

- Beberapa pengguna mungkin sudah menjalankan sesuatu di port 80.
- Beberapa pengguna mungkin menggunakan mesin kontainer tanpa hak istimewa (seperti Podman), dan 80 adalah port yang memerlukan hak istimewa (< 1024). Konfigurasi tambahan (misalnya, pengaturan `net.ipv4.ip_unprivileged_port_start`) diperlukan, tetapi Anda harus melakukan penelitian sendiri.

Anda dapat mengekspos DVWA di port yang berbeda dengan mengubah ikatan port dalam berkas `compose.yml`.
Sebagai contoh, Anda dapat mengubah

```
ports:
  - 127.0.0.1:4280:80
```

Menjadi

```
ports:
  - 127.0.0.1:8806:80
```

DVWA sekarang dapat diakses di `http://localhost:8806`.

#### DVWA Mulai Otomatis Saat Docker Berjalan

Berkas [`compose.yml`](./compose.yml) yang disertakan secara otomatis menjalankan DVWA dan basis data ketika Docker berjalan.

Untuk menonaktifkan ini, Anda dapat menghapus atau mengomentari baris `restart: unless-stopped` dalam berkas [`compose.yml`](./compose.yml).

Jika Anda ingin menonaktifkan perilaku ini secara sementara, Anda dapat menjalankan `docker compose stop`, atau menggunakan Docker Desktop, temukan `dvwa` dan klik Stop.
Selain itu, Anda dapat menghapus kontainer atau menjalankan `docker compose down`.

### Berkas Log

Pada sistem Linux, Apache secara default menghasilkan dua berkas log, `access.log` dan `error.log`, dan pada sistem berbasis Debian biasanya berada di `/var/log/apache2/`.

Ketika mengirimkan laporan kesalahan, masalah, atau hal lainnya, harap sertakan setidaknya lima baris terakhir dari masing-masing berkas ini. Pada sistem berbasis Debian, Anda dapat mendapatkannya seperti ini:
```
tail -n 5 /var/log/apache2/access.log /var/log/apache2/error.log
```

### Saya mencoba membuka situs dan mendapatkan 404

Jika Anda mengalami masalah ini, Anda perlu memahami lokasi berkas. Secara default, root dokumen Apache (tempat mulai mencari konten web) adalah `/var/www/html`. Jika Anda meletakkan berkas `hello.txt` di direktori ini, untuk mengaksesnya, Anda akan membuka `http://localhost/hello.txt`.

Jika Anda membuat direktori dan meletakkan berkas di dalamnya - `/var/www/html/mydir/hello.txt` - Anda kemudian perlu membuka `http://localhost/mydir/hello.txt`.

Linux secara default bersifat case-sensitive, sehingga dalam contoh di atas, jika Anda mencoba membuka salah satu dari ini, Anda akan mendapatkan `404 Not Found`:

- `http://localhost/MyDir/hello.txt`
- `http://localhost/mydir/Hello.txt`
- `http://localhost/MYDIR/hello.txt`

Bagaimana ini memengaruhi DVWA? Kebanyakan orang menggunakan git untuk mengecek DVWA ke dalam `/var/www/html`, ini memberi mereka direktori `/var/www/html/DVWA/` dengan semua berkas DVWA di dalamnya. Mereka kemudian membuka `http://localhost/` dan mendapatkan entah `404` atau halaman selamat datang Apache default. Karena berkas berada di DVWA, Anda harus membuka `http://localhost/DVWA`.

Kesalahan umum lainnya adalah membuka `http://localhost/dvwa` yang akan memberikan `404` karena `dvwa` bukanlah `DVWA` yang dianggap oleh pencocokan direktori Linux.

Jadi setelah instalasi, jika Anda mencoba mengunjungi situs dan mendapatkan `404`, pertimbangkan di mana Anda menginstal berkas tersebut, di mana berkas tersebut relatif terhadap root dokumen, dan apa huruf kecil dan besar dari direktori yang Anda gunakan.

### "Access denied" saat menjalankan setup

Jika Anda melihat pesan berikut saat menjalankan skrip setup, itu berarti nama pengguna atau kata sandi dalam berkas konfigurasi tidak sesuai dengan yang dikonfigurasi pada basis data:
```
Database Error #1045: Access denied for user 'notdvwa'@'localhost' (using password: YES).
```

Error ini memberi tahu Anda bahwa Anda menggunakan nama pengguna `notdvwa`.

Error berikut mengatakan bahwa Anda telah menunjuk berkas konfigurasi ke basis data yang salah.

```
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
```

Ini mengatakan bahwa Anda menggunakan pengguna `dvwa` dan mencoba terhubung ke basis data `notdvwa`.

Hal pertama yang harus dilakukan adalah memeriksa kembali apakah yang Anda kira telah dimasukkan ke dalam berkas konfigurasi sesuai dengan yang sebenarnya ada di sana.

Jika sesuai dengan harapan Anda, langkah berikutnya adalah memeriksa apakah Anda dapat masuk sebagai pengguna tersebut melalui baris perintah. Mengasumsikan Anda memiliki pengguna basis data `dvwa` dan kata sandi `p@ssw0rd`, jalankan perintah berikut:

```
mysql -u dvwa -pp@ssw0rd -D dvwa
```

*Catatan: Tidak ada spasi setelah -p*

Jika Anda melihat yang berikut, kata sandi sudah benar:

```
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```

Seiring terhubung melalui baris perintah, kemungkinan ada kesalahan dalam berkas konfigurasi. Periksa kembali dan laporkan masalah jika Anda masih belum bisa membuat semuanya berfungsi.

Jika Anda melihat yang berikut, nama pengguna atau kata sandi yang Anda gunakan salah. Ulangi langkah-langkah [Pengaturan Database](#pengaturan-database) dan pastikan Anda menggunakan nama pengguna dan kata sandi yang sama sepanjang proses.

```
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

Jika Anda mendapatkan yang berikut, kredensial pengguna benar tetapi pengguna tidak memiliki akses ke basis data. Sekali lagi, ulangi langkah-langkah setup dan periksa nama basis data yang Anda gunakan.
```
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
```

Kesalahan yang mungkin Anda dapatkan adalah ini:
```
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```

Ini bukan masalah otentikasi tetapi memberi tahu Anda bahwa server basis data tidak berjalan. Mulailah dengan perintah berikut:
```
sudo service mysql start
```

### Metode otentikasi tidak dikenal

Dengan versi MySQL terbaru, PHP tidak lagi dapat berkomunikasi dengan basis data dalam konfigurasi default. Jika Anda mencoba menjalankan skrip setup dan mendapatkan pesan berikut, itu berarti Anda memiliki konfigurasi tersebut.

```
Database Error #2054: The server requested authentication method unknown to the client.
```

Anda memiliki dua pilihan, yang paling mudah adalah menghapus MySQL dan menginstal MariaDB. Berikut adalah panduan resmi dari proyek MariaDB: 
<https://mariadb.com/resources/blog/how-to-migrate-from-mysql-to-mariadb-on-linux-in-five-steps/>

Sebagai alternatif, ikuti langkah-langkah berikut:

1. Sebagai root, edit berkas berikut: `/etc/mysql/mysql.conf.d/mysqld.cnf`

2. Di bawah baris [mysqld], tambahkan baris berikut:
   ```default-authentication-plugin=mysql_native_password```
3. Restart database: ```sudo service mysql restart```
4. Periksa metode autentikasi untuk pengguna database Anda:
    ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------------------+-----------------------+
    | Host      | User             | plugin                |
    +-----------+------------------+-----------------------+
    | localhost | dvwa             | caching_sha2_password |
    +-----------+------------------+-----------------------+
    1 rows in set (0.00 sec)
    ```
5. Kemungkinan besar Anda akan melihat `caching_sha2_password`. Jika ya, jalankan perintah berikut:
   ```sql
    mysql> ALTER USER dvwa@localhost IDENTIFIED WITH mysql_native_password BY 'p@ssw0rd';
    ```
6. Menjalankan pemeriksaan ulang, seharusnya sekarang Anda akan melihat `mysql_native_password`.
     ```sql
    mysql> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
    +-----------+------+-----------------------+
    | Host      | User | plugin                |
    +-----------+------+-----------------------+
    | localhost | dvwa | mysql_native_password |
    +-----------+------+-----------------------+
    1 row in set (0.00 sec)
    ```
Setelah semua langkah tersebut, proses penyiapan seharusnya sekarang berjalan dengan normal.
Jika Anda ingin informasi lebih lanjut, lihat halaman berikut: <https://www.php.net/manual/en/mysqli.requirements.php>.

### Database Error #2002: Tidak ada file atau direktori yang sesuai.

Server database tidak berjalan. Pada distribusi berbasis Debian, jalankan server dengan perintah:
```sh
sudo service mysql start
```

### Kesalahan "MySQL server has gone away" dan "Packets out of order"

Ada beberapa alasan mengapa Anda bisa mendapatkan kesalahan ini, tetapi yang paling mungkin adalah versi server basis data yang Anda jalankan tidak kompatibel dengan versi PHP.

Ini biasanya terjadi ketika Anda menjalankan versi terbaru MySQL yang tidak selaras dengan PHP. Saran terbaik, ganti MySQL dengan menginstal MariaDB, karena ini bukan sesuatu yang dapat kami dukung.

Untuk informasi lebih lanjut, lihat:

<https://www.ryadel.com/en/fix-mysql-server-gone-away-packets-order-similar-mysql-related-errors/>

### Injeksi perintah (Command Injection) tidak bekerja

Apache mungkin tidak memiliki hak istimewa yang cukup untuk menjalankan perintah pada server web. Jika Anda menjalankan DVWA di bawah Linux, pastikan Anda masuk sebagai root. Di bawah Windows, masuk sebagai Administrator.

### Database tidak terhubung pada CentOS?

Anda mungkin mengalami masalah dengan SELinux. Matikan SELinux atau jalankan perintah berikut untuk mengizinkan web server berkomunikasi dengan basis data:
```
setsebool -P httpd_can_network_connect_db 1
```

### Yang lainnya

Untuk informasi pemecahan masalah terbaru, harap baca masalah terbuka dan yang sudah ditutup di repositori Git:

<https://github.com/digininja/DVWA/issues>

Sebelum mengajukan tiket, pastikan Anda menjalankan versi terbaru kode dari repositori. Ini bukan versi terbaru yang dirilis, tetapi kode terbaru dari cabang master.

Jika Anda mengajukan tiket, harap kirimkan setidaknya informasi berikut:

- Sistem Operasi
- 5 baris terakhir dari log kesalahan server web segera setelah kesalahan yang Anda laporkan terjadi
- Jika ini adalah masalah otentikasi basis data, ikuti langkah-langkah di atas dan tangkap layar setiap langkah. Kirimkan ini bersama dengan tangkapan layar bagian file konfigurasi yang menunjukkan pengguna dan kata sandi basis data.
- Deskripsi lengkap tentang apa yang salah, apa yang Anda harapkan terjadi, dan apa yang sudah Anda coba lakukan untuk memperbaikinya. "login broken" tidak cukup bagi kami untuk memahami masalah Anda dan membantu memperbaikinya.

- - -

### Panduan

Saya akan mencoba membuat beberapa video tutorial yang menguraikan beberapa kerentanan dan menunjukkan cara mendeteksinya, dan kemudian bagaimana cara mengeksploitasi mereka. Berikut adalah yang sudah saya buat sejauh ini:

[Finding and Exploiting Reflected XSS](https://youtu.be/V4MATqtdxss)

- - -

## SQLite3 SQL Injection

Dukungan untuk ini terbatas, sebelum mengajukan masalah, pastikan Anda siap untuk melakukan debug, jangan hanya mengklaim "tidak berfungsi".

Secara default, SQLi dan Blind SQLi dilakukan terhadap server MariaDB/MySQL yang digunakan oleh situs, tetapi memungkinkan untuk beralih untuk melakukan pengujian SQLi terhadap SQLite3.

Saya tidak akan membahas cara menggunakan SQLite3 dengan PHP, tetapi seharusnya cukup mudah dengan menginstal paket `php-sqlite3` dan memastikan bahwa paket tersebut diaktifkan.

Untuk beralih, cukup edit file konfigurasi dan tambahkan atau edit baris-baris berikut:
```
$_DVWA["SQLI_DB"] = "sqlite";
$_DVWA["SQLITE_DB"] = "sqli.db";
```

Secara default, program ini menggunakan file `database/sqli.db`. Jika Anda mengalami kesalahan, cukup salin file `database/sqli.db.dist` di atasnya.

Tantangannya sama persis seperti untuk MySQL, hanya saja dijalankan dengan menggunakan SQLite3.

- - -

👨‍💻 Kontributor
-----

Terima kasih atas semua kontribusi Anda dan menjaga proyek ini tetap terkini. :heart:

Jika Anda memiliki ide, jenis perbaikan, atau hanya ingin berkolaborasi, Anda dipersilakan untuk berkontribusi dan berpartisipasi dalam Proyek ini. Jangan ragu untuk mengirimkan permintaan tarik (PR) Anda.
<p align="center">
<a href="https://github.com/digininja/DVWA/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=digininja/DVWA&max=500">
</a>
</p>

- - -

## Tautan

Beranda Proyek: <https://github.com/digininja/DVWA>

*Dibuat oleh tim DVWA*


================================================
FILE: README.it.md
================================================
# DAMN VULNERABLE WEB APPLICATION

Damn Vulnerable Web Application (DVWA) è un'applicazione web PHP/MariaDB che è dannatamente vulnerabile. Il suo principale obiettivo è: essere d'aiuto a professionisti di sicurezza informatica per testare le loro skill e i loro strumenti in un ambiente legale, aiutare i web developers a mettere in sicurezza le web applications e aiutare sia studenti che docenti a capire la sicurezza delle web applications in un ambiente controllato.

L'obiettivo di DVWA è **praticare alcune tra le più comuni vulnerabilità web** con **vari livelli di difficoltà** e con una semplice e diretta interfaccia. È opportuno notare che sono presenti sia **vulnerabilità documentate che non documentate** in questo software. Questo è stato fatto intenzionalmente. Si è pregati di provare a scoprire più vulnerabilità possibili.
- - -

## ATTENZIONE!

Damn Vulnerable Web Application è dannatamente vulnerabile! **Non caricarla nella cartella contenente i file html del tuo provider di hosting né su alcun server accessibile da Internet** perché saranno compromessi. È raccomandato utilizzare una macchina virtuale (ad esempio [VirtualBox](https://www.virtualbox.org/) oppure [VMware](https://www.vmware.com/)), configurata in modalità di rete NAT. Dentro la macchina guest, bisogna scaricare ed installare [XAMPP](https://www.apachefriends.org/) per il server web ed il database.

### Disclaimer

Non ci assumiamo la responsabilità del modo in cui verrà utilizzata questa applicazione (DVWA). L'obiettivo di questa applicazione è stato dichiarato in modo chiaro e non dovrebbe essere usata per altri scopi. Abbiamo avvisato e dato misure di sicurezza per fare in modo che gli utenti non installino DVWA nei loro live web servers. Se il tuo live web server è compromesso da un'installazione di DVWA, non è nostra responsabilità, è responsabilità della persona che ha caricato e installato il software.

---

## Licenza

Questo file è parte di Damn Vulnerable Web Application (DVWA).

Damn Vulnerable Web Application (DVWA) è un software libero:
si può ridistribuire e/o modificarlo sotto i termini della GNU General Public License come pubblicata dalla Free Software Foundation, sia la versione 3 della licenza o qualsiasi versione successiva.

Damn Vulnerable Web Application (DVWA) è distribuito nella speranza che sarà utile, ma senza ALCUNA GARANZIA; neppure la garanzia implicita di COMMERCIABILITÀ o IDONEITÀ PER UNO SCOPO PARTICOLARE. Vedi la GNU General Public License per ulteriori dettagli.

Dovresti aver ricevuto una copia della GNU General Public License assieme a Damn Vulnerable Web Application (DVWA). Altrimenti, vedere <https://www.gnu.org/licenses/>.

- - -

## Internazionalizzazione

Questo file è disponibile in diverse lingue:

- Arabo: [العربية](README.ar.md)
- Cinese: [简体中文](README.zh.md)
- Francese: [Français](README.fr.md)
- Coreano: [한국어](README.ko.md)
- Persiano: [فارسی](README.fa.md)
- Polacco: [Polski](README.pl.md)
- Portoghese: [Português](README.pt.md)
- Spagnolo: [Español](README.es.md)
- Turco: [Türkçe](README.tr.md)
- Indonesiano: [Indonesia](README.id.md)
- Vietnamita: [Vietnamese](README.vi.md)
- Italiano: [Italiano](README.it.md)

Se si desidera contribuire ad una traduzione, si invii per favore una PR. Nota però: questo non significa semplicemente passare il testo su Google Translate e inviarlo, tali traduzioni verranno rifiutate. Invia la tua versione tradotta aggiungendo un nuovo file chiamato README.xx.md, dove xx è il codice a due lettere della lingua desiderata (basato sullo standard ISO 639-1).

- - -

## Download

Anche se ci sono varie versioni di DVWA in circolazione, l'unica supportata è l'ultima dal repository ufficiale di GitHub. Si può sia clonare il repo:

```sh
git clone https://github.com/digininja/DVWA.git
```

O [scaricare un ZIP dei file](https://github.com/digininja/DVWA/archive/master.zip).

- - -

## Installazione

### Installazione Automatica 🛠️
**Nota, questo non è uno script ufficiale di DVWA, è stato scritto da [IamCarron](https://github.com/iamCarron/). Creare questo script è costato molto lavoro e, quando è stato creato, era sicuro, tuttavia è consigliato leggere lo script prima di eseguirlo alla cieca, per sicurezza. Per favore segnalare qualsiasi bug a [IamCarron](https://github.com/iamCarron/), non qui.**

Uno script di configurazione automatica per DVWA su macchine basate su Debian, inclusa Kali, Ubuntu, Kubuntu, Linux Mint, Zorin OS...

**Nota: Questo script richiede i permessi di root ed è pensato per sistemi basati su Debian. È necessario assicurarsi di essere l'utente root.**

#### Requisiti per l'installazione

- **Sistema operativo:** Sistemi basati su Debian (Kali, Ubuntu, Kubuntu, Linux Mint, Zorin Os)
- **Privilegi:** Eseguire come utente root

#### Step dell'installazione

#####  One-Liner

Questo comando scarica lo script scritto da [@IamCarron](https://github.com/iamCarron/) e lo esegue automaticamente. Questo non sarebbe incluso qui se non avessimo fiducia nell'autore e nello script così com'era al momento della revisione, ma esiste sempre la possibilità che qualcuno agisca in modo malevolo. Pertanto, se non ti senti al sicuro nell'eseguire codice di terzi senza prima esaminarlo personalmente, segui la procedura manuale e potrai rivedere lo script una volta scaricato.

```sh
sudo bash -c "$(curl --fail --show-error --silent --location https://raw.githubusercontent.com/IamCarron/DVWA-Script/main/Install-DVWA.sh)"
```

##### Esecuzione manuale dello Script

1. **Scarica lo script:**

   ```sh
   wget https://raw.githubusercontent.com/IamCarron/DVWA-Script/main/Install-DVWA.sh
   ```

2. **Rendi lo script eseguibile:**

   ```sh
   chmod +x Install-DVWA.sh
   ```

3. **Esegui lo script come utente root:**

   ```sh
   sudo ./Install-DVWA.sh
   ```

### Video di installazione

- [Installa DVWA su Kali utilizzando Virtualbox](https://www.youtube.com/watch?v=WkyDxNJkgQ4)
- [Installa DVWA su Windows utilizzando XAMPP](https://youtu.be/Yzksa_WjnY0)
- [Installa Damn Vulnerable Web Application (DVWA) on Windows 10](https://www.youtube.com/watch?v=cak2lQvBRAo)

### Windows + XAMPP

Il modo più semplice per installare DVWA è scaricare ed installare [XAMPP](https://www.apachefriends.org/) qualora già non si abbia un setup di un Web Server.

XAMPP è una distribuzione Apache per Linux, Solaris, Windows e Mac OS X molto semplice da installare. I pacchetti includono il web server Apache, MySQL, PHP, Perl, un server FTP e phpMyAdmin.

Questo [video](https://youtu.be/Yzksa_WjnY0) mostra gli step per l'installazione per Windows. Tuttavia dovrebbe essere simile per altri sistemi operativi.

### Docker

Grazie a [hoang-himself](https://github.com/hoang-himself) e [JGillam](https://github.com/JGillam), ogni commit al `master` branch fa in modo che un'immagine Docker sia buildata per ogni branch e sia pronta da essere pullata dal GitHub Container Registry.

Per più informazioni, si visiti [le Immagini Docker prebuildate](https://github.com/digininja/DVWA/pkgs/container/dvwa).

#### Per iniziare

Prerequisiti: Docker e Docker Compose.

- Se si usa Docker Desktop, entrambi i requisiti dovrebbero essere già installati.
- Se si preferisce l'utilizzo di Docker Engine su Linux, è importante seguire correttamente la [guida d'installazione](https://docs.docker.com/engine/install/#server).

**Forniamo assistenza per l'ultima versione di Docker come discusso sopra.**

Se stai usando Linux e il pacchetto Docker fornito dal tuo gestore di pacchetti, probabilmente funzionerà comunque, ma il supporto sarà fornito solo best-effort.

Aggiornare Docker dalla versione del gestore pacchetti a quella ufficiale ("upstream") richiede la disinstallazione delle vecchie versioni, come indicato nella documentazione per [Ubuntu](https://docs.docker.com/engine/install/ubuntu/#uninstall-old-versions), [Fedora](https://docs.docker.com/engine/install/fedora/#uninstall-old-versions) e altre distribuzioni.

I tuoi dati Docker (container, immagini, volumi, ecc.) non dovrebbero essere influenzati, ma nel caso si presentino problemi, assicurati di segnalarli a [Docker](https://www.docker.com/support) e nel frattempo utilizza i motori di ricerca.

Poi, per iniziare:

1. Esegui `docker version` e `docker compose version` per verificare di avere correttamente installati Docker e Docker Compose. Si dovrebbe essere in grado di vedere le versioni dei pacchetti in output.

    Per esempio:

    ```text
    >>> docker version
    Client:
     [...]
     Version:           23.0.5
     [...]

    Server: Docker Desktop 4.19.0 (106363)
     Engine:
      [...]
      Version:          23.0.5
      [...]

    >>> docker compose version
    Docker Compose version v2.17.3
    ```

    Se non si vede nulla oppure si ha un "errore: comando non trovato", seguire i prerequisiti per fare il setup di Docker e Docker Compose.

2. Clonare e scaricare questo repository ed estrarre (vedere [Download](#download)).
3. Aprire un terminale di tua scelta e cambiare la cartella di lavoro in questa cartella (`DVWA`).
4. Eseguire `docker compose up -d`.

DVWA è ora disponibile all'indirizzo `http://localhost:4280`.


**Nota che per eseguire DVWA nei container, il web server è in ascolto sulla porta 4280 invece che la solita porta 80.**
Per più informazioni su questa decisione, vedere [Voglio eseguire DVWA in un'altra porta](#voglio-eseguire-dvwa-in-unaltra-porta)

#### Build locale

Se si sono fatti cambiamenti e si vuole buildare il progetto in locale, andare a `compose.yml` e cambiare `pull_policy: always` in `pull_policy: build`.

Eseguire `docker compose up -d` dovrebbe spingere Docker a buildare un'immagine da locale indipendentemente da ciò che è disponibile nel registro.

Vedi anche: [`pull_policy`](https://github.com/compose-spec/compose-spec/blob/master/05-services.md#pull_policy).

#### Servire i file locali

Se si stanno facendo cambiamenti in locale e non si vuole effettuare una build per ogni cambiamento:
1. Andare a `compose.yml` e rimuovere il commento da:
    ```
        # volumes:
        #   - ./:/var/www/html
    ```
2. Eseguire `cp config/config.inc.php.dist config/config.inc.php` per copiare il file di configurazione di default.
3. Eseguire `docker compose up -d` e i cambiamenti sui file locali si rifletteranno sul container.

### Versioni PHP

Idealmente, dovresti utilizzare l'ultima versione stabile di PHP, poiché è su quella versione che questa applicazione verrà sviluppata e testata.

Non verrà fornito supporto a chi tenta di utilizzare PHP 5.x.

Le versioni inferiori alla 7.3 presentano problemi noti che possono causare malfunzionamenti: gran parte dell'app funzionerà, ma alcune funzionalità potrebbero comportarsi in modo imprevedibile. A meno che tu non abbia un motivo davvero valido per utilizzare una versione così obsoleta, il supporto non sarà garantito.

### Pacchetti Linux

Se stai usando una distribuzione Linux basata su Debian, saranno necessari i seguenti pacchetti _(o loro equivalenti)_:

- apache2
- libapache2-mod-php
- mariadb-server
- mariadb-client
- php php-mysqli
- php-gd

Raccomanderei di fare un update prima di scaricarli, in modo tale da avere sicuramente l'ultima versione di tutto.

```sh
apt update
apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
```

Il sito funzionerà con MySQL invece di MariaDB ma incoraggiamo vivamente MariaDB poiché funziona out of the box. Con MYSQL è necessario fare dei cambiamenti affinché funzioni.

### Moduli Apache

Se si vuole usare il lab API è necessario avere il modulo Apache `mod_rewrite` abilitato. Per fare questo in linux eseguire:

```
a2enmod rewrite
```

Poi riavviare Apache con:

```
apachectl restart
```

### File vendor

Se si vuole usare il modulo API sarà necessario scaricare un insieme di file vendor usando [Composer](https://getcomposer.org/).

In primo luogo, assicurarsi di avere Composer installato. Sembrano esserci problemi di incompatibilità tra le versioni. Io ottengo le versioni più recenti da qui:

https://getcomposer.org/doc/00-intro.md

Seguire le istruzioni del sito per installare Composer.

Poi andare dentro la cartella `vulnerabilities/api` ed eseguire:

```
composer.phar install
```

Se non si è scaricato Composer nella cartella di sistema, assicurarsi di avere come riferimento il percorso completo.

## Configurazioni

### Config File

DVWA viene fornito con una copia fittizia del suo file di configurazione, che dovrai copiare nella posizione corretta e poi modificare opportunamente. Su Linux, assumendo che tu sia nella directory di DVWA, questo può essere fatto come segue:


`cp config/config.inc.php.dist config/config.inc.php`

Su Windows, questo può essere un po’ più complicato se le estensioni dei file sono nascoste. Se non si è sicuri di questo aspetto, questo articolo del blog lo spiega più nel dettaglio:

[Come mostrare l'estensione dei file su Windows](https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/)

### Configurazione con variabili di ambiente

Invece di modificare il file di configurazione, puoi anche impostare la maggior parte delle opzioni utilizzando delle variabili d'ambiente. In un deployment Docker o Kubernetes, questo ti permette di modificare la configurazione senza dover creare una nuova immagine Docker. Troverai le variabili nel [config/config.inc.php.dist](config/config.inc.php.dist) file.

Se si desidera impostare il livello di sicurezza su "basso", aggiungere semplicemente la seguente linea al file [compose.yml](./compose.yml):

```yml
environment:
  - DB_SERVER=db
  - DEFAULT_SECURITY_LEVEL=low
```

### Setup Del Database

Per fare il setup del database, semplicemente cliccare sul bottone `Setup DVWA` nel menu principale, poi cliccare il bottone `Create / Reset Database`. Questo creerà / resetterà il database per te con un po' di dati al suo interno.

Qualora si riceva un errore durante la creazione del database, assicurarsi di aver inserito delle credenziali corrette dentro `./config/config.inc.php`. _Questo è diverso da config.inc.php.dist, è solo un file di esempio._

Le variabili sono settate ai seguenti valori di default:

```php
$_DVWA[ 'db_server'] = '127.0.0.1';
$_DVWA[ 'db_port'] = '3306';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
```

Nota, se si sta usando MariaDB invece di MySQL (MariaDB è il default in Kali), non si può usare l'utente root del database, bisogna creare un nuovo utente del database. Per fare questo, connettersi al database come utente root e usare i seguenti comandi:

```mariadb
MariaDB [(none)]> create database dvwa;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```

### Disabilitare L'Autenticazione
Alcuni strumenti non funzionano bene con l'autenticazione, quindi non possono essere usati con DVWA. Per risolvere questo, c'è un'impostazione di configurazione per disabilitare il controllo dell'autenticazione. Per farlo, bisogna semplicemente impostare il seguente flag nel file di configurazione:

```php
$_DVWA[ 'disable_authentication' ] = true;
```
Sarà anche necessario impostare il livello di sicurezza a uno appropriato al livello di test che si vuole fare:

```php
$_DVWA[ 'default_security_level' ] = 'low';
```

In questo caso, si può accedere a tutte le features senza il bisogno di essere loggati o senza alcun cookie.

### Cartella Permessi

- `./hackable/uploads/` - È necessario che sia scrivibile dal Web Service (per il File Upload).

### Configurazione PHP

Sui sistemi Linux, probabilmente si trova in `/etc/php/x.x/fpm/php.ini` o `/etc/php/x.x/apache2/php.ini`.

- Per abilitare il Remote File Inclusions (RFI):
  - `allow_url_include = on` [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
  - `allow_url_fopen = on` [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]

- Per essere sicuri che PHP mostri tutti i messaggi di errore:
  - `display_errors = on` [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]
  - `display_startup_errors = on` [[display_startup_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-startup-errors)]

È necessario riavviare il servizio php o Apache dopo aver effettuato i cambiamenti.

### reCAPTCHA

È necessario eseguire quanto riportato qui sotto solo per il laboratorio "CAPTCHA insicuro"; se non si intende usare quel laboratorio, si può ignorare questo capitolo.

Generare un paio di chiavi da <https://www.google.com/recaptcha/admin/create>.

Poi andare nelle seguenti sezioni di `./config/config.inc.php`:

- `$_DVWA[ 'recaptcha_public_key' ]`
- `$_DVWA[ 'recaptcha_private_key' ]`

### Credenziali Di Default

**Default username = `admin`**

**Default password = `password`**

_...può essere bruteforzato facilmente ;)_

URL DI LOGIN: <http://127.0.0.1/login.php>

_Nota: Questo sarà differente se si è installato DVWA in una cartella differente._

- - -

## Risoluzione Di Problemi

Si presume che si stia utilizzando una distribuzione basata su Debian, come Debian, Ubuntu o Kali. Per altre distribuzioni, si può comunque seguire la guida, aggiornando i comandi dove opportuno.

Se si preferisce guardare un video anziché leggere, i problemi più comuni vengono trattati nel video [Fixing DVWA Setup Issues](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F).

### Containers

#### Vorrei accedere ai log

Se si sta usando Docker Desktop, si può accedere ai log dall'applicazione grafica. Ci possono essere alcune differenze minori nelle versioni più recenti, ma il metodo di accesso dovrebbe essere il medesimo.

![Overview of DVWA compose](./docs/graphics/docker/overview.png)
![Viewing DVWA logs](docs/graphics/docker/detail.png)

Si può accedere ai log anche dal terminale.

1. Aprire un terminale e spostarsi nella cartella di lavoro di DVWA.
2. Mostrare i log uniti

    ```sh
    docker compose logs
    ```

   In caso si vogliano esportare i log, ad esempio in `dvwa.log`:

   ```sh
   docker compose logs > dvwa.log
   ```

#### Voglio eseguire DVWA in un'altra porta

Non si utilizza la porta 80 come predefinita per alcuni motivi:

- Alcuni utenti potrebbero avere già qualcosa in esecuzione sulla porta 80.
- Alcuni utenti potrebbero usare un container senza privilegi (come Podman), e la porta 80 è una porta privilegiata (< 1024). Sarebbe necessaria una configurazione aggiuntiva (ad esempio impostare `net.ipv4.ip_unprivileged_port_start`), ma su questo bisognerà informarsi autonomamente.

Si può esporre DVWA su una porta diversa modificando l'associazione della porta nel file `compose.yml`.
Per esempio, si può cambiare

```yml
ports:
  - 127.0.0.1:4280:80
```

in

```yml
ports:
  - 127.0.0.1:8806:80
```

DVWA è ora accessibile all'indirizzo `http://localhost:8806`.

Nei casi in cui si desideri che DVWA sia accessibile non solo dal proprio dispositivo, ma anche dalla rete locale (ad esempio perché si sta configurando una macchina di test per un workshop), si può rimuovere il `127.0.0.1:` dall’associazione delle porte (oppure sostituirlo con l’indirizzo IP della propria LAN). In questo modo, l'applicazione ascolterà su tutte le interfacce di rete disponibili.

La scelta predefinita e più sicura dovrebbe comunque essere quella di limitare l’ascolto al solo dispositivo locale (loopback). In fin dei conti, si tratta di un'applicazione web deliberatamente vulnerabile, in esecuzione sulla propria macchina.


Il file incluso [`compose.yml`](./compose.yml) esegue automaticamente DVWA e il suo database quando Docker viene inizializzato.

Per disabilitare questa funzione, si può eliminare o commentare la linea `restart: unless-stopped` nel file [`compose.yml`](./compose.yml)

Se si vuole disabilitare questo comportamento temporaneamente, si può eseguire `docker compose stop`, o usare Docker Desktop, trovare `dvwa` e cliccare Stop.
Addizionalmente, si possono eliminare i container oppure eseguire `docker compose down`.

### File di log

Sui sistemi Linux Apache genera due file di log di default, `access.log` e `error.log` e sui sistemi Debian sono solitamente nella cartella `/var/log/apache2/`.

Durante la segnalazione di errori, problemi o qualsiasi cosa del genere, per favore includere almeno cinque linee da ognuno di questi file. Sui sistemi basati su Debian si possono ottenere questi file così:

```sh
tail -n 5 /var/log/apache2/access.log /var/log/apache2/error.log
```

### Navigando sul sito ho ottenuto un errore 404 o la pagina predefinita di Apache2

[Video di aiuto](https://youtu.be/C-kig5qrPSA?si=wTS3Aj8fycW3Idfr&t=141)

Se si sta avendo questo problema bisogna capire come funziona la posizione dei file. Di default, la root dei documenti di Apache (il posto in cui comincia a cercare i documenti) è `/var/www/html`. Se si posiziona il file `hello.txt` in questa cartella, per accedere a questo file sarà necessario navigare a `http://localhost/hello.txt`.

Se si è creata una cartella e messi i file lì dentro - `/var/www/html/mydir/hello.txt` - si avrà bisogno di navigare a `http://localhost/mydir/hello.txt`.

Linux è attento alle maiuscole e minuscole, se non si fa attenzione si può ottenere un errore `404 Not Found`:

- `http://localhost/MyDir/hello.txt`
- `http://localhost/mydir/Hello.txt`
- `http://localhost/MYDIR/hello.txt`

Che effetto ha questo su DVWA? Diverse persone usano git per clonare DVWA in `/var/www/html`, questo crea la cartella `/var/www/html/DVWA/` con tutti i file al suo interno. Successivamente navigano `http://localhost/` e ottengono o `404` o la pagina predefinita di Apache. Poiché i file sono in DVWA bisogna navigare in `http://localhost/DVWA`.

L'altro errore comune è quello di navigare su `http://localhost/dvwa`, il che porta a un errore `404` perché `dvwa` non è `DVWA`, dato che in Linux si fa distinzione tra maiuscole e minuscole nei nomi delle directory.

Quindi, dopo l'installazione, se si prova a visitare il sito e si riceve un errore `404`, si deve riflettere su dove sono stati installati i file, su dove si trovano rispetto alla radice del documento e su come siano scritte le lettere della directory usata.

### Navigando la pagina ho ottenuto uno schermo vuoto

[Video d'aiuto](https://youtu.be/C-kig5qrPSA?si=wTS3Aj8fycW3Idfr&t=243)

Questo è di solito un problema di configurazione che ne nasconde un altro. Di default, PHP non mostra gli errori, e quindi, se ci si è dimenticati di attivare la visualizzazione degli errori durante il processo di configurazione, qualsiasi altro problema, come un fallimento nella connessione al database, impedirà all'applicazione di caricarsi, ma il messaggio che dice cosa non va sarà nascosto.

Per sistemare questo, bisogna essere sicuri di impostare `display_errors` e `display_startup_errors` come discusso in [Configurazione di PHP](#configurazione-php) e poi riavviare Apache.

### "Access denied" mentre si esegue il setup

Se si vede quanto segue durante l'esecuzione dello script di configurazione, significa che il nome utente o la password nel file di configurazione non corrispondono a quelli configurati nel database.
[Video d'aiuto](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F&t=973)

```mariadb
Database Error #1045: Access denied for user 'notdvwa'@'localhost' (using password: YES).
```

L'errore sta dicendo che si sta usando lo username `notdvwa`.

Il seguente errore dice che si è scritto il file di configurazione al database sbagliato. [Video d'aiuto](https://youtu.be/C-kig5qrPSA?si=_a4Bop505-1tXb_F&t=630)

```mariadb
SQL: Access denied for user 'dvwa'@'localhost' to database 'notdvwa'
```

Questo errore sta invece dicendo che l'utente `dvwa` sta provando a connettersi al database `notdvwa`.

La prima cosa da fare è ricontrollare che ciò che si pensa di aver inserito nel file di configurazione sia effettivamente quello che è presente.

Se corrisponde a quanto ci si aspetta, la cosa successiva da fare è verificare se si riesce ad accedere come l’utente voluto da linea di comando. Supponendo di avere un utente del database chiamato `dvwa` e una password di `p@ssw0rd`, eseguire il seguente comando:

```sh
mysql -u dvwa -pp@ssw0rd -D dvwa
```

_Nota: non c'è uno spazio dopo -p_

Se si vede il seguente output, le credenziali sono corrette:

```mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.22-MariaDB-0ubuntu0.19.10.1 Ubuntu 19.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```



Poiché si riesce a connettersi dalla riga di comando, è probabile che ci sia qualcosa di sbagliato nel file di configurazione, lo si ricontrolli attentamente e poi si apra un issue se ancora non si riesce a far funzionare le cose.

Se si vede quanto segue, il nome utente o la password che si sta usando è sbagliato. Si ripetano i passaggi di [Setup Del Database](#setup-del-database) e ci si assicuri di usare lo stesso nome utente e la stessa password per tutto il processo.

```mariadb
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

Se si ottiene quanto segue, le credenziali dell'utente sono corrette ma l'utente non ha accesso al database. Anche in questo caso, si ripetano i passaggi di configurazione e si controlli il nome del database che si sta usando.

```mariadb
ERROR 1044 (42000): Access denied for user 'dvwa'@'localhost' to database 'dvwa'
```

L'errore finale che si potrebbe ottenere è questo:

```mariadb
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
```

Questo non è un errore di autenticazione ma dice che il server del database non è in esecuzione. Si può avviarlo con il seguente comando.

```sh
sudo service mysql start
```

### Connessione rifiutata

[Video d
Download .txt
gitextract_f6hea358/

├── .dockerignore
├── .gitattributes
├── .github/
│   ├── FUNDING.yml
│   ├── ISSUE_TEMPLATE/
│   │   ├── bug-report---installation.md
│   │   ├── bug-report---vulnerability.md
│   │   └── i-m-stuck.md
│   └── workflows/
│       ├── codeql-analysis.yml
│       ├── docker-image.yml
│       ├── pytest.yml
│       ├── shiftleft-analysis.yml
│       └── vulnerable.yml
├── .gitignore
├── CHANGELOG.md
├── COPYING.txt
├── Dockerfile
├── README.ar.md
├── README.es.md
├── README.fa.md
├── README.fr.md
├── README.id.md
├── README.it.md
├── README.ko.md
├── README.md
├── README.pl.md
├── README.pt.md
├── README.ru.md
├── README.tr.md
├── README.uk.md
├── README.vi.md
├── README.zh.md
├── SECURITY.md
├── about.php
├── compose.yml
├── config/
│   └── config.inc.php.dist
├── database/
│   ├── bac_setup.sql
│   ├── create_mssql_db.sql
│   ├── create_oracle_db.sql
│   ├── create_postgresql_db.sql
│   ├── create_sqlite_db.sql
│   └── sqli.db.dist
├── docs/
│   └── pdf.html
├── dvwa/
│   ├── css/
│   │   ├── help.css
│   │   ├── login.css
│   │   ├── main.css
│   │   └── source.css
│   ├── includes/
│   │   ├── DBMS/
│   │   │   ├── MySQL.php
│   │   │   └── PGSQL.php
│   │   ├── Parsedown.php
│   │   └── dvwaPage.inc.php
│   └── js/
│       ├── add_event_listeners.js
│       └── dvwaPage.js
├── external/
│   └── recaptcha/
│       └── recaptchalib.php
├── hackable/
│   └── flags/
│       └── fi.php
├── index.php
├── instructions.php
├── login.php
├── logout.php
├── php.ini
├── phpinfo.php
├── robots.txt
├── security.php
├── security.txt
├── setup.php
├── tests/
│   ├── README.md
│   └── test_url.py
└── vulnerabilities/
    ├── api/
    │   ├── .htaccess
    │   ├── README.md
    │   ├── bootstrap.php
    │   ├── composer.json
    │   ├── gen_openapi.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── openapi.yml
    │   ├── public/
    │   │   └── index.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── src/
    │       ├── GenericController.php
    │       ├── HealthController.php
    │       ├── Helpers.php
    │       ├── Login.php
    │       ├── LoginController.php
    │       ├── Order.php
    │       ├── OrderController.php
    │       ├── Token.php
    │       ├── User.php
    │       └── UserController.php
    ├── authbypass/
    │   ├── authbypass.js
    │   ├── change_user_details.php
    │   ├── get_user_data.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── bac/
    │   ├── README.md
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── log_viewer.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.php
    │       └── view_source.php
    ├── brute/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── captcha/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── cryptography/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── check_token_high.php
    │       ├── check_token_impossible.php
    │       ├── download_ecb_attack.php
    │       ├── download_oracle_attack.php
    │       ├── ecb_attack.php
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.php
    │       ├── oracle_attack.php
    │       ├── token_library_high.php
    │       ├── token_library_impossible.php
    │       └── xor_theory.php
    ├── csp/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.js
    │       ├── high.php
    │       ├── impossible.js
    │       ├── impossible.php
    │       ├── jsonp.php
    │       ├── jsonp_impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── csrf/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── test_credentials.php
    ├── exec/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── fi/
    │   ├── file1.php
    │   ├── file2.php
    │   ├── file3.php
    │   ├── file4.php
    │   ├── help/
    │   │   └── help.php
    │   ├── include.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── help.css
    ├── help.js
    ├── javascript/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.js
    │       ├── high.php
    │       ├── high_unobfuscated.js
    │       ├── impossible.php
    │       ├── low.php
    │       ├── medium.js
    │       └── medium.php
    ├── open_redirect/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── info.php
    │       ├── low.php
    │       └── medium.php
    ├── sqli/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   ├── session-input.php
    │   ├── source/
    │   │   ├── high.php
    │   │   ├── impossible.php
    │   │   ├── low.php
    │   │   └── medium.php
    │   └── test.php
    ├── sqli_blind/
    │   ├── cookie-input.php
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── upload/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── view_help.php
    ├── view_source.php
    ├── view_source_all.php
    ├── weak_id/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── xss_d/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    ├── xss_r/
    │   ├── help/
    │   │   └── help.php
    │   ├── index.php
    │   └── source/
    │       ├── high.php
    │       ├── impossible.php
    │       ├── low.php
    │       └── medium.php
    └── xss_s/
        ├── help/
        │   └── help.php
        ├── index.php
        └── source/
            ├── high.php
            ├── impossible.php
            ├── low.php
            └── medium.php
SYMBOL INDEX (230 symbols across 36 files)

FILE: database/bac_setup.sql
  type access_log (line 4) | CREATE TABLE IF NOT EXISTS access_log (
  type security_log (line 15) | CREATE TABLE IF NOT EXISTS security_log (

FILE: database/create_mssql_db.sql
  type users (line 9) | CREATE TABLE users (user_id INT PRIMARY KEY,first_name VARCHAR(15),last_...
  type guestbook (line 13) | CREATE TABLE guestbook (comment_id INT IDENTITY(1,1)

FILE: database/create_oracle_db.sql
  type users (line 3) | CREATE TABLE users (
  type guestbook (line 15) | CREATE TABLE guestbook

FILE: database/create_postgresql_db.sql
  type users (line 1) | CREATE TABLE users (user_id INT PRIMARY KEY,first_name VARCHAR(15),last_...
  type guestbook (line 5) | CREATE TABLE guestbook (comment_id serial PRIMARY KEY, comment VARCHAR(3...

FILE: database/create_sqlite_db.sql
  type `users` (line 1) | CREATE TABLE `users` (
  type `guestbook` (line 13) | CREATE TABLE `guestbook` (

FILE: dvwa/includes/Parsedown.php
  class Parsedown (line 16) | class Parsedown
    method text (line 24) | function text($text)
    method textElements (line 37) | protected function textElements($text)
    method setBreaksEnabled (line 59) | function setBreaksEnabled($breaksEnabled)
    method setMarkupEscaped (line 68) | function setMarkupEscaped($markupEscaped)
    method setUrlsLinked (line 77) | function setUrlsLinked($urlsLinked)
    method setSafeMode (line 86) | function setSafeMode($safeMode)
    method setStrictMode (line 95) | function setStrictMode($strictMode)
    method lines (line 162) | protected function lines(array $lines)
    method linesElements (line 167) | protected function linesElements(array $lines)
    method extractElement (line 319) | protected function extractElement(array $Component)
    method isBlockContinuable (line 336) | protected function isBlockContinuable($Type)
    method isBlockCompletable (line 341) | protected function isBlockCompletable($Type)
    method blockCode (line 349) | protected function blockCode($Line, $Block = null)
    method blockCodeContinue (line 374) | protected function blockCodeContinue($Line, $Block)
    method blockCodeComplete (line 395) | protected function blockCodeComplete($Block)
    method blockComment (line 403) | protected function blockComment($Line)
    method blockCommentContinue (line 428) | protected function blockCommentContinue($Line, array $Block)
    method blockFencedCode (line 448) | protected function blockFencedCode($Line)
    method blockFencedCodeContinue (line 502) | protected function blockFencedCodeContinue($Line, $Block)
    method blockFencedCodeComplete (line 531) | protected function blockFencedCodeComplete($Block)
    method blockHeader (line 539) | protected function blockHeader($Line)
    method blockList (line 574) | protected function blockList($Line, array $CurrentBlock = null)
    method blockListContinue (line 643) | protected function blockListContinue($Line, array $Block)
    method blockListComplete (line 729) | protected function blockListComplete(array $Block)
    method blockQuote (line 748) | protected function blockQuote($Line)
    method blockQuoteContinue (line 767) | protected function blockQuoteContinue($Line, array $Block)
    method blockRule (line 792) | protected function blockRule($Line)
    method blockSetextHeader (line 811) | protected function blockSetextHeader($Line, array $Block = null)
    method blockMarkup (line 829) | protected function blockMarkup($Line)
    method blockMarkupContinue (line 857) | protected function blockMarkupContinue($Line, array $Block)
    method blockReference (line 872) | protected function blockReference($Line)
    method blockTable (line 897) | protected function blockTable($Line, array $Block = null)
    method blockTableContinue (line 1020) | protected function blockTableContinue($Line, array $Block)
    method paragraph (line 1078) | protected function paragraph($Line)
    method paragraphContinue (line 1093) | protected function paragraphContinue($Line, array $Block)
    method line (line 1130) | public function line($text, $nonNestables = array())
    method lineElements (line 1135) | protected function lineElements($text, $nonNestables = array())
    method inlineText (line 1239) | protected function inlineText($text)
    method inlineCode (line 1258) | protected function inlineCode($Excerpt)
    method inlineEmailTag (line 1277) | protected function inlineEmailTag($Excerpt)
    method inlineEmphasis (line 1307) | protected function inlineEmphasis($Excerpt)
    method inlineEscapeSequence (line 1342) | protected function inlineEscapeSequence($Excerpt)
    method inlineImage (line 1353) | protected function inlineImage($Excerpt)
    method inlineLink (line 1388) | protected function inlineLink($Excerpt)
    method inlineMarkup (line 1463) | protected function inlineMarkup($Excerpt)
    method inlineSpecialCharacter (line 1495) | protected function inlineSpecialCharacter($Excerpt)
    method inlineStrikethrough (line 1509) | protected function inlineStrikethrough($Excerpt)
    method inlineUrl (line 1532) | protected function inlineUrl($Excerpt)
    method inlineUrlTag (line 1560) | protected function inlineUrlTag($Excerpt)
    method unmarkedText (line 1581) | protected function unmarkedText($text)
    method handle (line 1591) | protected function handle(array $Element)
    method handleElementRecursive (line 1627) | protected function handleElementRecursive(array $Element)
    method handleElementsRecursive (line 1632) | protected function handleElementsRecursive(array $Elements)
    method elementApplyRecursive (line 1637) | protected function elementApplyRecursive($closure, array $Element)
    method elementApplyRecursiveDepthFirst (line 1653) | protected function elementApplyRecursiveDepthFirst($closure, array $El...
    method elementsApplyRecursive (line 1669) | protected function elementsApplyRecursive($closure, array $Elements)
    method elementsApplyRecursiveDepthFirst (line 1679) | protected function elementsApplyRecursiveDepthFirst($closure, array $E...
    method element (line 1689) | protected function element(array $Element)
    method elements (line 1773) | protected function elements(array $Elements)
    method li (line 1803) | protected function li($lines)
    method pregReplaceElements (line 1825) | protected static function pregReplaceElements($regexp, $Elements, $text)
    method parse (line 1854) | function parse($text)
    method sanitiseElement (line 1861) | protected function sanitiseElement(array $Element)
    method filterUnsafeUrlInAttribute (line 1900) | protected function filterUnsafeUrlInAttribute(array $Element, $attribute)
    method escape (line 1919) | protected static function escape($text, $allowQuotes = false)
    method striAtStart (line 1924) | protected static function striAtStart($string, $needle)
    method instance (line 1938) | static function instance($name = 'default')

FILE: dvwa/includes/dvwaPage.inc.php
  function dvwa_start_session (line 45) | function dvwa_start_session() {
  function dvwaSessionGrab (line 124) | function &dvwaSessionGrab() {
  function dvwaPageStartup (line 132) | function dvwaPageStartup( $pActions ) {
  function dvwaLogin (line 140) | function dvwaLogin( $pUsername ) {
  function dvwaIsLoggedIn (line 146) | function dvwaIsLoggedIn() {
  function dvwaLogout (line 157) | function dvwaLogout() {
  function dvwaPageReload (line 163) | function dvwaPageReload() {
  function dvwaCurrentUser (line 172) | function dvwaCurrentUser() {
  function dvwaPageNewGrab (line 179) | function &dvwaPageNewGrab() {
  function dvwaThemeGet (line 192) | function dvwaThemeGet() {
  function dvwaSecurityLevelGet (line 200) | function dvwaSecurityLevelGet() {
  function dvwaSecurityLevelSet (line 218) | function dvwaSecurityLevelSet( $pSecurityLevel ) {
  function dvwaLocaleGet (line 230) | function dvwaLocaleGet() {
  function dvwaSQLiDBGet (line 235) | function dvwaSQLiDBGet() {
  function dvwaLocaleSet (line 240) | function dvwaLocaleSet( $pLocale ) {
  function dvwaMessagePush (line 252) | function dvwaMessagePush( $pMessage ) {
  function dvwaMessagePop (line 261) | function dvwaMessagePop() {
  function messagesPopAllToHtml (line 270) | function messagesPopAllToHtml() {
  function dvwaHtmlEcho (line 281) | function dvwaHtmlEcho( $pPage ) {
  function dvwaHelpHtmlEcho (line 455) | function dvwaHelpHtmlEcho( $pPage ) {
  function dvwaSourceHtmlEcho (line 491) | function dvwaSourceHtmlEcho( $pPage ) {
  function dvwaExternalLinkUrlGet (line 527) | function dvwaExternalLinkUrlGet( $pLink,$text=null ) {
  function dvwaButtonHelpHtmlGet (line 537) | function dvwaButtonHelpHtmlGet( $pId ) {
  function dvwaButtonSourceHtmlGet (line 544) | function dvwaButtonSourceHtmlGet( $pId ) {
  function dvwaDatabaseConnect (line 562) | function dvwaDatabaseConnect() {
  function dvwaRedirect (line 603) | function dvwaRedirect( $pLocation ) {
  function dvwaGuestbook (line 610) | function dvwaGuestbook() {
  function checkToken (line 634) | function checkToken( $user_token, $session_token, $returnURL ) {  # Vali...
  function generateSessionToken (line 647) | function generateSessionToken() {  # Generate a brand new (CSRF) token
  function destroySessionToken (line 654) | function destroySessionToken() {  # Destroy any session with the name 's...
  function tokenField (line 658) | function tokenField() {  # Return a field for the (CSRF) token

FILE: dvwa/js/add_event_listeners.js
  function addEventListeners (line 4) | function addEventListeners() {

FILE: dvwa/js/dvwaPage.js
  function popUp (line 3) | function popUp(URL) {
  function validate_required (line 12) | function validate_required(field,alerttxt)
  function validateGuestbookForm (line 24) | function validateGuestbookForm(thisform) {
  function confirmClearGuestbook (line 37) | function confirmClearGuestbook() {
  function toggleTheme (line 41) | function toggleTheme() {

FILE: external/recaptcha/recaptchalib.php
  function recaptcha_check_answer (line 5) | function recaptcha_check_answer($key, $response){
  function CheckCaptcha (line 9) | function CheckCaptcha($key, $response) {
  function recaptcha_get_html (line 38) | function recaptcha_get_html($pubKey){

FILE: tests/test_url.py
  function get_php_files (line 7) | def get_php_files():
  function get_urls (line 19) | def get_urls(filename):
  function check_once (line 26) | def check_once(url):
  function check (line 39) | def check(url):
  function test_url (line 51) | def test_url():

FILE: vulnerabilities/api/src/GenericController.php
  class GenericController (line 11) | class GenericController
    method __construct (line 16) | public function __construct($command) {
    method optionsResponse (line 20) | private function optionsResponse() {
    method unprocessableEntityResponse (line 26) | private function unprocessableEntityResponse()
    method notFoundResponse (line 35) | private function notFoundResponse() {
    method methodNotSupported (line 41) | private function methodNotSupported() {
    method teapotResponse (line 47) | private function teapotResponse() {
    method processRequest (line 53) | public function processRequest() {

FILE: vulnerabilities/api/src/HealthController.php
  class HealthController (line 11) | class HealthController
    method __construct (line 16) | public function __construct($requestMethod, $version, $command) {
    method echo (line 21) | #[OAT\Post(
    method checkConnectivity (line 59) | #[OAT\Post(
    method getStatus (line 104) | #[OAT\Get(
    method ping (line 124) | #[OAT\Get(
    method processRequest (line 143) | public function processRequest() {
  class Target (line 189) | #[OAT\Schema(required: ['target'])]
  class Words (line 195) | #[OAT\Schema(required: ['words'])]

FILE: vulnerabilities/api/src/Helpers.php
  class Helpers (line 5) | class Helpers {
    method check_content_type (line 6) | public static function check_content_type() {

FILE: vulnerabilities/api/src/Login.php
  class Login (line 7) | class Login
    method create_token (line 14) | public static function create_token() {
    method check_access_token (line 26) | public static function check_access_token($token) {
    method check_refresh_token (line 39) | public static function check_refresh_token($token) {

FILE: vulnerabilities/api/src/LoginController.php
  class LoginController (line 7) | class LoginController
    method __construct (line 12) | public function __construct($requestMethod, $version, $command) {
    method loginJSON (line 20) | #[OAT\Post(
    method login (line 75) | private function login() {
    method refresh (line 149) | private function refresh() {
    method check_token (line 181) | #[OAT\Post(
    method processRequest (line 232) | public function processRequest() {
  class Credentials (line 267) | #[OAT\Schema(required: ['username', 'password'])]

FILE: vulnerabilities/api/src/Order.php
  class Order (line 14) | #[OAT\Schema()]
    method __construct (line 32) | function __construct ($id, $name, $address, $items, $status) {
    method toArray (line 43) | public function toArray($version) {
  class OrderAdd (line 56) | #[OAT\Schema(required: ['level', 'name'])]
  class OrderUpdate (line 69) | #[OAT\Schema()]

FILE: vulnerabilities/api/src/OrderController.php
  class OrderController (line 7) | class OrderController
    method __construct (line 13) | public function __construct($requestMethod, $version, $orderId) {
    method checkToken (line 24) | private function checkToken() {
    method validateAdd (line 38) | private function validateAdd($input)
    method validateUpdate (line 52) | private function validateUpdate($input)
    method getOrder (line 65) | #[OAT\SecurityScheme(
    method getAllOrders (line 114) | #[OAT\Get(
    method addOrder (line 148) | #[OAT\Post(
    method updateOrder (line 198) | #[OAT\Put(
    method deleteOrder (line 265) | #[OAT\Delete(
    method processRequest (line 304) | public function processRequest() {

FILE: vulnerabilities/api/src/Token.php
  class Token (line 7) | #[OAT\Schema(required: ['token'])]
    method __construct (line 19) | public function __construct () {
    method encrypt (line 22) | private static function encrypt($cleartext) {
    method decrypt (line 30) | private static function decrypt($ciphertext) {
    method create_token (line 42) | public function create_token($secret, $expires) {
    method decrypt_token (line 50) | public function decrypt_token($token) {

FILE: vulnerabilities/api/src/User.php
  class User (line 14) | #[OAT\Schema()]
    method __construct (line 28) | function __construct ($id, $name, $level, $password) {
    method toArray (line 38) | public function toArray($version) {
  class UserAdd (line 62) | #[OAT\Schema(required: ['level', 'name'])]
  class UserUpdate (line 72) | #[OAT\Schema(required: ['name'])]

FILE: vulnerabilities/api/src/UserController.php
  class UserController (line 8) | #[OAT\Info(title: "DVWA API", version: "0.1")]
    method __construct (line 29) | public function __construct($requestMethod, $version, $userId) {
    method validateAdd (line 40) | private function validateAdd($input)
    method validateUpdate (line 54) | private function validateUpdate($input)
    method getUser (line 62) | #[OAT\Get(
    method getAllUsers (line 97) | #[OAT\Get(
    method addUser (line 125) | #[OAT\Post(
    method updateUser (line 174) | #[OAT\Put(
    method deleteUser (line 232) | #[OAT\Delete(
    method processRequest (line 265) | public function processRequest() {

FILE: vulnerabilities/authbypass/authbypass.js
  function show_save_result (line 1) | function show_save_result (data) {
  function submit_change (line 9) | function submit_change(id) {
  function populate_form (line 26) | function populate_form() {

FILE: vulnerabilities/bac/index.php
  function setupRequiredTables (line 18) | function setupRequiredTables()

FILE: vulnerabilities/bac/source/impossible.php
  function isRateLimitExceeded (line 143) | function isRateLimitExceeded($user_id)
  function logAccessAttempt (line 182) | function logAccessAttempt($user_id, $target_id, $action)
  function logSecurityEvent (line 217) | function logSecurityEvent($action, $target_id, $user_id, $details = '')
  function checkForSuspiciousActivity (line 263) | function checkForSuspiciousActivity($user_id, $target_id)

FILE: vulnerabilities/cryptography/source/ecb_attack.php
  function encrypt (line 2) | function encrypt ($plaintext, $key) {
  function decrypt (line 9) | function decrypt ($ciphertext, $key) {

FILE: vulnerabilities/cryptography/source/low.php
  function xor_this (line 3) | function xor_this($cleartext, $key) {

FILE: vulnerabilities/cryptography/source/medium.php
  function decrypt (line 2) | function decrypt ($ciphertext, $key) {

FILE: vulnerabilities/cryptography/source/oracle_attack.php
  function xor_byte_array (line 5) | function xor_byte_array ($a1, $a2) {
  function byte_array_to_string (line 16) | function byte_array_to_string ($array) {
  function zero_array (line 24) | function zero_array($length) {
  function make_call (line 32) | function make_call ($token, $iv, $url = null) {
  function do_attack (line 84) | function do_attack ($iv_string_b64, $token, $url) {

FILE: vulnerabilities/cryptography/source/token_library_high.php
  function encrypt (line 7) | function encrypt ($plaintext, $iv) {
  function decrypt (line 22) | function decrypt ($ciphertext, $iv) {
  function create_token (line 36) | function create_token ($debug = false) {
  function check_token (line 53) | function check_token ($data) {

FILE: vulnerabilities/cryptography/source/token_library_impossible.php
  function encrypt (line 6) | function encrypt ($plaintext, $iv) {
  function decrypt (line 21) | function decrypt ($ciphertext, $iv) {
  function create_token (line 39) | function create_token () {
  function check_token (line 51) | function check_token ($data) {

FILE: vulnerabilities/cryptography/source/xor_theory.php
  function xor_this (line 3) | function xor_this($cleartext, $key) {

FILE: vulnerabilities/csp/source/high.js
  function clickButton (line 1) | function clickButton() {
  function solveSum (line 7) | function solveSum(obj) {

FILE: vulnerabilities/csp/source/impossible.js
  function clickButton (line 1) | function clickButton() {
  function solveSum (line 7) | function solveSum(obj) {

FILE: vulnerabilities/help.js
  function show_answer (line 1) | function show_answer(which) {

FILE: vulnerabilities/javascript/source/high_unobfuscated.js
  function Sha256 (line 127) | function Sha256(is224, sharedMemory) {
  function HmacSha256 (line 429) | function HmacSha256(key, is224, sharedMemory) {
  function do_something (line 520) | function do_something(e){for(var t="",n=e.length-1;n>=0;n--)t+=e[n];retu...
  function token_part_3 (line 522) | function token_part_3(t, y="ZZ") {
  function token_part_2 (line 526) | function token_part_2(e="YY") {
  function token_part_1 (line 530) | function token_part_1(a,b) {

FILE: vulnerabilities/javascript/source/medium.js
  function do_something (line 1) | function do_something(e){for(var t="",n=e.length-1;n>=0;n--)t+=e[n];retu...
  function do_elsesomething (line 1) | function do_elsesomething(e){document.getElementById("token").value=do_s...
[
  {
    "path": ".dockerignore",
    "chars": 80,
    "preview": "**/.git\n**/.gitignore\n**/.github\n**/Dockerfile*\n**/.dockerignore\n**/compose.yml\n"
  },
  {
    "path": ".gitattributes",
    "chars": 474,
    "preview": "# Auto detect text files and perform LF normalization\n* text=auto\n\n#\n# The above will handle all files NOT found below\n#"
  },
  {
    "path": ".github/FUNDING.yml",
    "chars": 92,
    "preview": "# These are supported funding model platforms\n\ngithub: digininja\ncustom: https://digi.ninja\n"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/bug-report---installation.md",
    "chars": 1474,
    "preview": "---\nname: Bug report - Installation\nabout: Create a report about installation issues\ntitle: ''\nlabels: ''\nassignees: ''\n"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/bug-report---vulnerability.md",
    "chars": 1487,
    "preview": "---\nname: Bug report - Vulnerability\nabout: Creating a report in a bug in a vulnerability\ntitle: ''\nlabels: ''\nassignees"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/i-m-stuck.md",
    "chars": 881,
    "preview": "---\nname: I'm Stuck\nabout: When you are stuck exploiting a vulnerability\ntitle: ''\nlabels: 'stuck'\nassignees: ''\n\n---\n\nQ"
  },
  {
    "path": ".github/workflows/codeql-analysis.yml",
    "chars": 2422,
    "preview": "# For most projects, this workflow file will not need changing; you simply need\n# to commit it to your repository.\n#\n# Y"
  },
  {
    "path": ".github/workflows/docker-image.yml",
    "chars": 1241,
    "preview": "name: Docker Image CI\n\non:\n  workflow_dispatch:\n  push:\n    branches:\n      - master\n\njobs:\n  build:\n    runs-on: ubuntu"
  },
  {
    "path": ".github/workflows/pytest.yml",
    "chars": 458,
    "preview": "name: CI\n\non:\n  push:\n    branches:\n      - master\n  pull_request:\n    branches:\n      - master\n  schedule:\n    # Every "
  },
  {
    "path": ".github/workflows/shiftleft-analysis.yml",
    "chars": 902,
    "preview": "# This workflow integrates Scan with GitHub's code scanning feature\n# Scan is a free open-source security tool for moder"
  },
  {
    "path": ".github/workflows/vulnerable.yml",
    "chars": 1394,
    "preview": "name: Vulnerable Action\n\non:\n  push:\n    branches:\n      - master\n\njobs:\n  run_commands:\n    name: Run Linux Commands\n  "
  },
  {
    "path": ".gitignore",
    "chars": 293,
    "preview": "# Neither the config file or its backup should go\n# into the repo.\nconfig/config.inc.php.bak\nconfig/config.inc.php\n\n# Vi"
  },
  {
    "path": "CHANGELOG.md",
    "chars": 7134,
    "preview": "DAMN VULNERABLE WEB APPLICATION\n=======================\n\nv1.10 (*Not Yet Released)\n======\n\n+ Improved IIS support. (@g0t"
  },
  {
    "path": "COPYING.txt",
    "chars": 32485,
    "preview": "                    GNU GENERAL PUBLIC LICENSE\n                       Version 3, 29 June 2007\n\n Copyright (C) 2007 Free "
  },
  {
    "path": "Dockerfile",
    "chars": 1014,
    "preview": "FROM docker.io/library/php:8-apache\n\nLABEL org.opencontainers.image.source=https://github.com/digininja/DVWA\nLABEL org.o"
  },
  {
    "path": "README.ar.md",
    "chars": 17308,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nإن  Damn Vulnerable Web Application (DVWA) هو تطبيق ويب تم إضعافه عمداً ومصمم بـ PHP "
  },
  {
    "path": "README.es.md",
    "chars": 21471,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA) es una aplicación web hecha en PHP/MySQL que e"
  },
  {
    "path": "README.fa.md",
    "chars": 32979,
    "preview": "# وب اپلیکیشن آسیب پذیر لعنتی\n\nوب اپلیکیشن آسیب پذیر لعنتی (DVWA)، یک وب اپلیکیشن مبتنی بر پی‌اچ‌پی/مای‌اسکیوال است که ب"
  },
  {
    "path": "README.fr.md",
    "chars": 21329,
    "preview": "# Translation / Traduction\n\nPhilibert Gentil:@[Philibert-Gentil](https://github.com/Philibert-Gentil)\nVous pouvez me con"
  },
  {
    "path": "README.id.md",
    "chars": 26155,
    "preview": "# DAMN VULNERABLE WEB APPLICATION / APLIKASI WEB YANG RENTAN TERHADAP ANCAMAN\n\nDamn Vulnerable Web Application (DVWA) at"
  },
  {
    "path": "README.it.md",
    "chars": 34848,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA) è un'applicazione web PHP/MariaDB che è dannat"
  },
  {
    "path": "README.ko.md",
    "chars": 19555,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA)은 매우 취약한 PHP/MySQL 웹 애플리케이션입니다. DVWA의 주요 목표는 보안"
  },
  {
    "path": "README.md",
    "chars": 33084,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA) is a PHP/MariaDB web application that is damn "
  },
  {
    "path": "README.pl.md",
    "chars": 27940,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA) to aplikacja internetowa, napisana w PHP/MySQL"
  },
  {
    "path": "README.pt.md",
    "chars": 20728,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA) é um aplicativo web em PHP/MySQL que é extrema"
  },
  {
    "path": "README.ru.md",
    "chars": 35530,
    "preview": "\n# Damn Vulnerable Web Application \n\nDamn Vulnerable Web Application (DVWA) — это веб-приложение на PHP/MariaDB, которое"
  },
  {
    "path": "README.tr.md",
    "chars": 18623,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDamn Vulnerable Web Application (DVWA), son derece zafiyetli bir PHP/MySQL web uygula"
  },
  {
    "path": "README.uk.md",
    "chars": 34946,
    "preview": "# DAMN VULNERABLE WEB APPLICATION\n\nDVWA (англ. _Damn Vulnerable Web Application_ &mdash; бісів вразливий вебзастосунок) "
  },
  {
    "path": "README.vi.md",
    "chars": 29047,
    "preview": "# DAMN VULNERABLE WEB APPLICATION - ỨNG DỤNG WEB DỄ BỊ TẤN CÔNG\n\nDamn Vulnerable Web Application (DVWA) là một ứng dụng "
  },
  {
    "path": "README.zh.md",
    "chars": 10972,
    "preview": "# 翻译\n\n翻译:@[inVains](https://github.com/inVains) @[songzy12](https://github.com/songzy12) @[cnskis](https://github.com/cn"
  },
  {
    "path": "SECURITY.md",
    "chars": 151,
    "preview": "The clue is in its name, DVWA contains both intentional and unintentional vulnerabliities, that is it's whole point, ple"
  },
  {
    "path": "about.php",
    "chars": 2883,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "compose.yml",
    "chars": 726,
    "preview": "volumes:\n  dvwa:\n\n\nnetworks:\n  dvwa:\n\n\nservices:\n  dvwa:\n    build: .\n    image: ghcr.io/digininja/dvwa:latest\n    # Cha"
  },
  {
    "path": "config/config.inc.php.dist",
    "chars": 2437,
    "preview": "<?php\n\n# If you are having problems connecting to the MySQL database and all of the variables below are correct\n# try ch"
  },
  {
    "path": "database/bac_setup.sql",
    "chars": 1045,
    "preview": "-- Create tables for Broken Access Control module\n\n-- Table for access logging\nCREATE TABLE IF NOT EXISTS access_log (\n "
  },
  {
    "path": "database/create_mssql_db.sql",
    "chars": 1109,
    "preview": "/*\nIn case I get round to adding MS SQL support, this creates and populates the tables.\n*/\n\nCREATE DATABASE dvwa;\n\nUSE d"
  },
  {
    "path": "database/create_oracle_db.sql",
    "chars": 1087,
    "preview": "/* Create a copy of the database and contents in Oracle */\n\nCREATE TABLE users (\nuser_id NUMBER NOT NULL,\nfirst_name var"
  },
  {
    "path": "database/create_postgresql_db.sql",
    "chars": 810,
    "preview": "CREATE TABLE users (user_id INT PRIMARY KEY,first_name VARCHAR(15),last_name VARCHAR(15), \"user\" VARCHAR(15), password V"
  },
  {
    "path": "database/create_sqlite_db.sql",
    "chars": 945,
    "preview": "CREATE TABLE `users` (\n`user_id` int NOT NULL,\n`first_name` text DEFAULT NULL,\n`last_name` text DEFAULT NULL,\n`user` tex"
  },
  {
    "path": "docs/pdf.html",
    "chars": 105,
    "preview": "Damn Vulnerable Web Application (DVWA) <a href=\"docs/DVWA_v1.3.pdf\">Official Documentation PDF v1.3</a>\r\n"
  },
  {
    "path": "dvwa/css/help.css",
    "chars": 579,
    "preview": "body {\r\n\tbackground-color: #e7e7e7;\r\n\tfont-family: Arial, Helvetica, sans-serif;\r\n\tfont-size: 13px;\r\n}\r\n\r\nh1 {\r\n\tfont-si"
  },
  {
    "path": "dvwa/css/login.css",
    "chars": 842,
    "preview": "body {\r\n\tbackground: #fefffe;\r\n\tfont: 12px/15px Arial, Helvetica, sans-serif;\r\n\tline-height: 20px;\r\n\tcolor: #6b6b6b;\r\n}\r"
  },
  {
    "path": "dvwa/css/main.css",
    "chars": 5149,
    "preview": "body {\r\n\tmargin: 0;\r\n\tcolor: #2f2f2f;\r\n\tfont: 12px/15px Arial, Helvetica, sans-serif;\r\n\tmin-width: 981px;\r\n\theight: 100%"
  },
  {
    "path": "dvwa/css/source.css",
    "chars": 574,
    "preview": "body {\r\n\tbackground-color: #e7e7e7;\r\n\tfont-family: Arial, Helvetica, sans-serif;\r\n\tfont-size: 13px;\r\n}\r\n\r\nh1 {\r\n\tfont-si"
  },
  {
    "path": "dvwa/includes/DBMS/MySQL.php",
    "chars": 8004,
    "preview": "<?php\n\n/*\n\nThis file contains all of the code to setup the initial MySQL database. (setup.php)\n\n*/\n\nif( !defined( 'DVWA_"
  },
  {
    "path": "dvwa/includes/DBMS/PGSQL.php",
    "chars": 3523,
    "preview": "<?php\r\n\r\n/*\r\n\r\nThis file contains all of the code to setup the initial PostgreSQL database. (setup.php)\r\n\r\n*/\r\n\r\n// Conn"
  },
  {
    "path": "dvwa/includes/Parsedown.php",
    "chars": 52037,
    "preview": "<?php\n\n#\n#\n# Parsedown\n# http://parsedown.org\n#\n# (c) Emanuil Rusev\n# http://erusev.com\n#\n# For the full license informa"
  },
  {
    "path": "dvwa/includes/dvwaPage.inc.php",
    "chars": 24327,
    "preview": "<?php\n\nif( !defined( 'DVWA_WEB_PAGE_TO_ROOT' ) ) {\n\tdie( 'DVWA System error- WEB_PAGE_TO_ROOT undefined' );\n\texit;\n}\n\nif"
  },
  {
    "path": "dvwa/js/add_event_listeners.js",
    "chars": 593,
    "preview": "// These functions need to be called after the content they reference\n// has been added to the page otherwise they will "
  },
  {
    "path": "dvwa/js/dvwaPage.js",
    "chars": 1240,
    "preview": "/* Help popup */\r\n\r\nfunction popUp(URL) {\r\n\tday = new Date();\r\n\tid = day.getTime();\r\n\twindow.open(URL, '\" + id + \"', 'to"
  },
  {
    "path": "external/recaptcha/recaptchalib.php",
    "chars": 969,
    "preview": "<?php\n\n// new php7 captcha v2 implementation.\n\nfunction recaptcha_check_answer($key, $response){\n\treturn CheckCaptcha($k"
  },
  {
    "path": "hackable/flags/fi.php",
    "chars": 678,
    "preview": "<?php\n\nif( !defined( 'DVWA_WEB_PAGE_TO_ROOT' ) ) {\n\texit (\"Nice try ;-). Use the file include next time!\");\n}\n\n?>\n\n1.) B"
  },
  {
    "path": "index.php",
    "chars": 3678,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\n\ndv"
  },
  {
    "path": "instructions.php",
    "chars": 2053,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "login.php",
    "chars": 4064,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "logout.php",
    "chars": 405,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "php.ini",
    "chars": 154,
    "preview": "; This file attempts to overwrite the original php.ini file. Doesnt always work.\r\n\r\nmagic_quotes_gpc = Off\r\nallow_url_fo"
  },
  {
    "path": "phpinfo.php",
    "chars": 188,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "robots.txt",
    "chars": 25,
    "preview": "User-agent: *\nDisallow: /"
  },
  {
    "path": "security.php",
    "chars": 3300,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\n\ndv"
  },
  {
    "path": "security.txt",
    "chars": 151,
    "preview": "The clue is in its name, DVWA contains both intentional and unintentional vulnerabliities, that is it's whole point, ple"
  },
  {
    "path": "setup.php",
    "chars": 5104,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';\r"
  },
  {
    "path": "tests/README.md",
    "chars": 321,
    "preview": "# Tests\n\n## Usage\n\nTo run these scripts manually, run the following from the document root:\n\n```\npython3 -m pytest -s\n``"
  },
  {
    "path": "tests/test_url.py",
    "chars": 3662,
    "preview": "import glob\nimport re\nimport requests\nimport time\n\n\ndef get_php_files():\n    patterns = [\"*.php\", \"*/*.php\", \"*/*/*.php\""
  },
  {
    "path": "vulnerabilities/api/.htaccess",
    "chars": 317,
    "preview": "<IfModule mod_rewrite.c>\n\tRewriteEngine On\n\t# If an existing asset or directory is requested go to it as it is\n\tRewriteC"
  },
  {
    "path": "vulnerabilities/api/README.md",
    "chars": 1020,
    "preview": "# API Info\n\n## Generating OpenAPI Docs\n\nIf you want to be able to modify the code and generate your own OpenAPI document"
  },
  {
    "path": "vulnerabilities/api/bootstrap.php",
    "chars": 37,
    "preview": "<?php\nrequire 'vendor/autoload.php';\n"
  },
  {
    "path": "vulnerabilities/api/composer.json",
    "chars": 148,
    "preview": "{\n    \"autoload\": {\n        \"psr-4\": {\n            \"Src\\\\\": \"src/\"\n        }\n    },\n    \"require\": {\n        \"zircote/sw"
  },
  {
    "path": "vulnerabilities/api/gen_openapi.php",
    "chars": 482,
    "preview": "<?php\nrequire(\"vendor/autoload.php\");\n\n$openapi = \\OpenApi\\Generator::scan(['./src']);\n\nheader(\"Access-Control-Allow-Ori"
  },
  {
    "path": "vulnerabilities/api/help/help.php",
    "chars": 5850,
    "preview": "<style>\n\tpre {\n\t\toverflow-x: auto;\n\t\twhite-space: pre-wrap;\n\t\tword-wrap: break-word;\n\t}\n</style>\n\n<div class=\"body_padde"
  },
  {
    "path": "vulnerabilities/api/index.php",
    "chars": 2324,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php"
  },
  {
    "path": "vulnerabilities/api/openapi.yml",
    "chars": 10421,
    "preview": "openapi: 3.0.0\ninfo:\n  title: 'DVWA API'\n  contact:\n    url: 'https://github.com/digininja/DVWA/'\n    email: robin@digi."
  },
  {
    "path": "vulnerabilities/api/public/index.php",
    "chars": 2754,
    "preview": "<?php\n\nrequire '../bootstrap.php';\nuse Src\\UserController;\nuse Src\\HealthController;\nuse Src\\GenericController;\nuse Src\\"
  },
  {
    "path": "vulnerabilities/api/source/high.php",
    "chars": 1133,
    "preview": "<?php\n\n$message = \"\";\n\n$html .= \"\n\t<p>\n\t\tHere is the <a href='openapi.yml'>OpenAPI</a> document, have a look the health "
  },
  {
    "path": "vulnerabilities/api/source/impossible.php",
    "chars": 1005,
    "preview": "<?php\n\n$message = \"\";\n\n$html .= \"\n\t<p>\n\t\tRather than try to develop a perfect API, there is a different type of challeng"
  },
  {
    "path": "vulnerabilities/api/source/low.php",
    "chars": 2997,
    "preview": "<?php\n$errors = \"\";\n$success = \"\";\n$messages = \"\";\n\nif ($_SERVER['REQUEST_METHOD'] == \"POST\") {\n}\n\n$request_url = $_SERV"
  },
  {
    "path": "vulnerabilities/api/source/medium.php",
    "chars": 2503,
    "preview": "<?php\n\n$request_url = $_SERVER['REQUEST_URI'];\n$stripped_url = str_replace (\"/vulnerabilities/api/\", \"\", $request_url);\n"
  },
  {
    "path": "vulnerabilities/api/src/GenericController.php",
    "chars": 1792,
    "preview": "<?php\n\n# Start the app with:\n#\n# php -S localhost:8000 -t public\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\nclass "
  },
  {
    "path": "vulnerabilities/api/src/HealthController.php",
    "chars": 5314,
    "preview": "<?php\n\n# Start the app with:\n#\n# php -S localhost:8000 -t public\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\nclass "
  },
  {
    "path": "vulnerabilities/api/src/Helpers.php",
    "chars": 418,
    "preview": "<?php\n\nnamespace Src;\n\nclass Helpers {\n\tpublic static function check_content_type() {\n\t\tif (array_key_exists (\"CONTENT_T"
  },
  {
    "path": "vulnerabilities/api/src/Login.php",
    "chars": 1256,
    "preview": "<?php\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\nclass Login\n{\n\tprivate const ACCESS_TOKEN_LIFE = 180;\n\tprivate co"
  },
  {
    "path": "vulnerabilities/api/src/LoginController.php",
    "chars": 8916,
    "preview": "<?php\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\nclass LoginController\n{\n\tprivate $command = null;\n\tprivate $reque"
  },
  {
    "path": "vulnerabilities/api/src/Order.php",
    "chars": 1639,
    "preview": "<?php declare(strict_types=1);\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\n/*\n#[OA\\Schema()]\nenum UserLevel {\n    c"
  },
  {
    "path": "vulnerabilities/api/src/OrderController.php",
    "chars": 9511,
    "preview": "<?php\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\nclass OrderController\n{\n\tprivate $data = array ();\n\tprivate $orde"
  },
  {
    "path": "vulnerabilities/api/src/Token.php",
    "chars": 1490,
    "preview": "<?php\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\n#[OAT\\Schema(required: ['token'])]\nclass Token {\n\tprivate const E"
  },
  {
    "path": "vulnerabilities/api/src/User.php",
    "chars": 1362,
    "preview": "<?php declare(strict_types=1);\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\n/*\n#[OA\\Schema()]\nenum UserLevel {\n    c"
  },
  {
    "path": "vulnerabilities/api/src/UserController.php",
    "chars": 8489,
    "preview": "<?php\n\nnamespace Src;\n\nuse OpenApi\\Attributes as OAT;\n\n# This is the definition for the whole file.\n#[OAT\\Info(title: \"D"
  },
  {
    "path": "vulnerabilities/authbypass/authbypass.js",
    "chars": 1842,
    "preview": "function show_save_result (data) {\n\tif (data.result == 'ok') {\n\t\tdocument.getElementById('save_result').innerText = 'Sav"
  },
  {
    "path": "vulnerabilities/authbypass/change_user_details.php",
    "chars": 1558,
    "preview": "<?php\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'"
  },
  {
    "path": "vulnerabilities/authbypass/get_user_data.php",
    "chars": 1051,
    "preview": "<?php\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'"
  },
  {
    "path": "vulnerabilities/authbypass/help/help.php",
    "chars": 3751,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Authorisation Bypass</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='whit"
  },
  {
    "path": "vulnerabilities/authbypass/index.php",
    "chars": 1817,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/authbypass/source/high.php",
    "chars": 292,
    "preview": "<?php\r\n/*\r\n\r\nOnly the admin user is allowed to access this page.\r\n\r\nHave a look at this file for possible vulnerabilitie"
  },
  {
    "path": "vulnerabilities/authbypass/source/impossible.php",
    "chars": 176,
    "preview": "<?php\r\n/*\r\n\r\nOnly the admin user is allowed to access this page\r\n\r\n*/\r\n\r\nif (dvwaCurrentUser() != \"admin\") {\r\n\tprint \"Un"
  },
  {
    "path": "vulnerabilities/authbypass/source/low.php",
    "chars": 160,
    "preview": "<?php\r\n/*\r\n\r\nNothing to see here for this vulnerability, have a look\r\ninstead at the dvwaHtmlEcho function in:\r\n\r\n* dvwa"
  },
  {
    "path": "vulnerabilities/authbypass/source/medium.php",
    "chars": 346,
    "preview": "<?php\r\n/*\r\n\r\nOnly the admin user is allowed to access this page.\r\n\r\nHave a look at these two files for possible vulnerab"
  },
  {
    "path": "vulnerabilities/bac/README.md",
    "chars": 3141,
    "preview": "# Broken Access Control Module - DVWA\n\nThis module demonstrates OWASP Top 10 2021's #1 vulnerability: Broken Access Cont"
  },
  {
    "path": "vulnerabilities/bac/help/help.php",
    "chars": 5719,
    "preview": "<div class=\"body_padded\">\n\t<h1>Help - Broken Access Control</h1>\n\n\t<div id=\"code\">\n\t\t<table width=\"100%\" bgcolor=\"white\""
  },
  {
    "path": "vulnerabilities/bac/index.php",
    "chars": 5110,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../');\n}\n\nrequire_once DVWA_WEB_P"
  },
  {
    "path": "vulnerabilities/bac/log_viewer.php",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "vulnerabilities/bac/source/high.php",
    "chars": 5083,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../../');\n}\n\n// Get current user'"
  },
  {
    "path": "vulnerabilities/bac/source/impossible.php",
    "chars": 12910,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../../');\n}\nerror_reporting(E_ALL"
  },
  {
    "path": "vulnerabilities/bac/source/low.php",
    "chars": 4292,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../../');\n}\n\n// Get current user'"
  },
  {
    "path": "vulnerabilities/bac/source/medium.php",
    "chars": 3649,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../../');\n}\n\n// Get current user'"
  },
  {
    "path": "vulnerabilities/bac/source/view_source.php",
    "chars": 1423,
    "preview": "<?php\nif (!defined('DVWA_WEB_PAGE_TO_ROOT')) {\n    define('DVWA_WEB_PAGE_TO_ROOT', '../../../');\n}\n\nrequire_once DVWA_WE"
  },
  {
    "path": "vulnerabilities/brute/help/help.php",
    "chars": 3780,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Brute Force (Login)</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white"
  },
  {
    "path": "vulnerabilities/brute/index.php",
    "chars": 1949,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/brute/source/high.php",
    "chars": 1875,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Login' ] ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESSION"
  },
  {
    "path": "vulnerabilities/brute/source/impossible.php",
    "chars": 4351,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Login' ] ) && isset ($_POST['username']) && isset ($_POST['password']) ) {\r\n\t// Check Anti-"
  },
  {
    "path": "vulnerabilities/brute/source/low.php",
    "chars": 1028,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Login' ] ) ) {\r\n\t// Get username\r\n\t$user = $_GET[ 'username' ];\r\n\r\n\t// Get password\r\n\t$pass "
  },
  {
    "path": "vulnerabilities/brute/source/medium.php",
    "chars": 1631,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Login' ] ) ) {\r\n\t// Sanitise username input\r\n\t$user = $_GET[ 'username' ];\r\n\t$user = ((isset"
  },
  {
    "path": "vulnerabilities/captcha/help/help.php",
    "chars": 3412,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Insecure CAPTCHA</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white' s"
  },
  {
    "path": "vulnerabilities/captcha/index.php",
    "chars": 3183,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/captcha/source/high.php",
    "chars": 1851,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Change' ] ) ) {\r\n\t// Hide the CAPTCHA form\r\n\t$hide_form = true;\r\n\r\n\t// Get input\r\n\t$pass_ne"
  },
  {
    "path": "vulnerabilities/captcha/source/impossible.php",
    "chars": 2936,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Change' ] ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESSI"
  },
  {
    "path": "vulnerabilities/captcha/source/low.php",
    "chars": 2654,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '1' ) ) {\r\n\t// Hide the CAPTCHA form\r\n\t$hide_form = tr"
  },
  {
    "path": "vulnerabilities/captcha/source/medium.php",
    "chars": 2911,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '1' ) ) {\r\n\t// Hide the CAPTCHA form\r\n\t$hide_form = tr"
  },
  {
    "path": "vulnerabilities/cryptography/help/help.php",
    "chars": 9469,
    "preview": "<style>\n\tpre {\n\t\toverflow-x: auto;\n\t\twhite-space: pre-wrap;\n\t\tword-wrap: break-word;\n\t}\n</style>\n\n<div class=\"body_padde"
  },
  {
    "path": "vulnerabilities/cryptography/index.php",
    "chars": 2861,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php"
  },
  {
    "path": "vulnerabilities/cryptography/source/check_token_high.php",
    "chars": 512,
    "preview": "<?php\n\nrequire_once (\"token_library_high.php\");\n\n$ret = \"\";\n\nif ($_SERVER['REQUEST_METHOD'] == \"POST\") {\n\tif ($_SERVER['"
  },
  {
    "path": "vulnerabilities/cryptography/source/check_token_impossible.php",
    "chars": 518,
    "preview": "<?php\n\nrequire_once (\"token_library_impossible.php\");\n\n$ret = \"\";\n\nif ($_SERVER['REQUEST_METHOD'] == \"POST\") {\n\tif ($_SE"
  },
  {
    "path": "vulnerabilities/cryptography/source/download_ecb_attack.php",
    "chars": 353,
    "preview": "<?php\n\n// open the file in a binary mode\n$name = './ecb_attack.php';\n$fp = fopen($name, 'rb');\n\n// send the right header"
  },
  {
    "path": "vulnerabilities/cryptography/source/download_oracle_attack.php",
    "chars": 359,
    "preview": "<?php\n\n// open the file in a binary mode\n$name = './oracle_attack.php';\n$fp = fopen($name, 'rb');\n\n// send the right hea"
  },
  {
    "path": "vulnerabilities/cryptography/source/ecb_attack.php",
    "chars": 2615,
    "preview": "<?php\nfunction encrypt ($plaintext, $key) {\n\t$e = openssl_encrypt($plaintext, 'aes-128-ecb', $key, OPENSSL_PKCS1_PADDING"
  },
  {
    "path": "vulnerabilities/cryptography/source/high.php",
    "chars": 1946,
    "preview": "<?php\n\nrequire (\"token_library_high.php\");\n\n$message = \"\";\n\n$token_data = create_token();\n\n$html = \"\n\t<script>\n\t\tfunctio"
  },
  {
    "path": "vulnerabilities/cryptography/source/impossible.php",
    "chars": 1808,
    "preview": "<?php\n\nrequire (\"token_library_impossible.php\");\n\n$message = \"\";\n\n$token_data = create_token();\n\n$html = \"\n\t<script>\n\t\tf"
  },
  {
    "path": "vulnerabilities/cryptography/source/low.php",
    "chars": 3167,
    "preview": "<?php\n\nfunction xor_this($cleartext, $key) {\n    // Our output text\n    $outText = '';\n\n    // Iterate through each char"
  },
  {
    "path": "vulnerabilities/cryptography/source/medium.php",
    "chars": 3147,
    "preview": "<?php\nfunction decrypt ($ciphertext, $key) {\n\t$e = openssl_decrypt($ciphertext, 'aes-128-ecb', $key, OPENSSL_PKCS1_PADDI"
  },
  {
    "path": "vulnerabilities/cryptography/source/oracle_attack.php",
    "chars": 8267,
    "preview": "<?php\n\nrequire_once (\"token_library_high.php\");\n\nfunction xor_byte_array ($a1, $a2) {\n\tif (count ($a1) != count ($a2)) {"
  },
  {
    "path": "vulnerabilities/cryptography/source/token_library_high.php",
    "chars": 3288,
    "preview": "<?php\n\ndefine (\"KEY\", \"rainbowclimbinghigh\");\ndefine (\"ALGO\", \"aes-128-cbc\");\ndefine (\"IV\", \"1234567812345678\");\n\nfuncti"
  },
  {
    "path": "vulnerabilities/cryptography/source/token_library_impossible.php",
    "chars": 3229,
    "preview": "<?php\n\ndefine (\"KEY\", \"rainbowclimbinghigh\");\ndefine (\"ALGO\", \"aes-256-gcm\");\n\nfunction encrypt ($plaintext, $iv) {\n\t# D"
  },
  {
    "path": "vulnerabilities/cryptography/source/xor_theory.php",
    "chars": 842,
    "preview": "<?php\n\nfunction xor_this($cleartext, $key) {\n    // Our output text\n    $outText = '';\n\n    // Iterate through each char"
  },
  {
    "path": "vulnerabilities/csp/help/help.php",
    "chars": 3959,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Content Security Policy (CSP) Bypass</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100"
  },
  {
    "path": "vulnerabilities/csp/index.php",
    "chars": 1651,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php"
  },
  {
    "path": "vulnerabilities/csp/source/high.js",
    "chars": 428,
    "preview": "function clickButton() {\n    var s = document.createElement(\"script\");\n    s.src = \"source/jsonp.php?callback=solveSum\";"
  },
  {
    "path": "vulnerabilities/csp/source/high.php",
    "chars": 548,
    "preview": "<?php\n$headerCSP = \"Content-Security-Policy: script-src 'self';\";\n\nheader($headerCSP);\n\n?>\n<?php\nif (isset ($_POST['incl"
  },
  {
    "path": "vulnerabilities/csp/source/impossible.js",
    "chars": 421,
    "preview": "function clickButton() {\n    var s = document.createElement(\"script\");\n    s.src = \"source/jsonp_impossible.php\";\n    do"
  },
  {
    "path": "vulnerabilities/csp/source/impossible.php",
    "chars": 617,
    "preview": "<?php\n\n$headerCSP = \"Content-Security-Policy: script-src 'self';\";\n\nheader($headerCSP);\n\n?>\n<?php\nif (isset ($_POST['inc"
  },
  {
    "path": "vulnerabilities/csp/source/jsonp.php",
    "chars": 247,
    "preview": "<?php\nheader(\"Content-Type: application/json; charset=UTF-8\");\n\nif (array_key_exists (\"callback\", $_GET)) {\n\t$callback ="
  },
  {
    "path": "vulnerabilities/csp/source/jsonp_impossible.php",
    "chars": 144,
    "preview": "<?php\nheader(\"Content-Type: application/json; charset=UTF-8\");\n\n$outp = array (\"answer\" => \"15\");\n\necho \"solveSum (\".jso"
  },
  {
    "path": "vulnerabilities/csp/source/low.php",
    "chars": 1013,
    "preview": "<?php\n\n$headerCSP = \"Content-Security-Policy: script-src 'self' https://pastebin.com hastebin.com www.toptal.com example"
  },
  {
    "path": "vulnerabilities/csp/source/medium.php",
    "chars": 703,
    "preview": "<?php\n\n$headerCSP = \"Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-TmV2ZXIgZ29pbmcgdG8gZ2l2ZSB5b3Ugd"
  },
  {
    "path": "vulnerabilities/csrf/help/help.php",
    "chars": 3385,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Cross Site Request Forgery (CSRF)</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' "
  },
  {
    "path": "vulnerabilities/csrf/index.php",
    "chars": 3460,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/csrf/source/high.php",
    "chars": 2076,
    "preview": "<?php\r\n\r\n$change = false;\r\n$request_type = \"html\";\r\n$return_message = \"Request Failed\";\r\n\r\nif ($_SERVER['REQUEST_METHOD'"
  },
  {
    "path": "vulnerabilities/csrf/source/impossible.php",
    "chars": 2177,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Change' ] ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESSIO"
  },
  {
    "path": "vulnerabilities/csrf/source/low.php",
    "chars": 1249,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Change' ] ) ) {\r\n\t// Get input\r\n\t$pass_new  = $_GET[ 'password_new' ];\r\n\t$pass_conf = $_GET["
  },
  {
    "path": "vulnerabilities/csrf/source/medium.php",
    "chars": 1516,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Change' ] ) ) {\r\n\t// Checks to see where the request came from\r\n\tif( stripos( $_SERVER[ 'HTT"
  },
  {
    "path": "vulnerabilities/csrf/test_credentials.php",
    "chars": 1975,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/exec/help/help.php",
    "chars": 3186,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Command Injection</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white' "
  },
  {
    "path": "vulnerabilities/exec/index.php",
    "chars": 1829,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/exec/source/high.php",
    "chars": 741,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ]  ) ) {\r\n\t// Get input\r\n\t$target = trim($_REQUEST[ 'ip' ]);\r\n\r\n\t// Set blacklist\r\n"
  },
  {
    "path": "vulnerabilities/exec/source/impossible.php",
    "chars": 1159,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ]  ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESS"
  },
  {
    "path": "vulnerabilities/exec/source/low.php",
    "chars": 404,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ]  ) ) {\r\n\t// Get input\r\n\t$target = $_REQUEST[ 'ip' ];\r\n\r\n\t// Determine OS and exec"
  },
  {
    "path": "vulnerabilities/exec/source/medium.php",
    "chars": 630,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ]  ) ) {\r\n\t// Get input\r\n\t$target = $_REQUEST[ 'ip' ];\r\n\r\n\t// Set blacklist\r\n\t$subs"
  },
  {
    "path": "vulnerabilities/fi/file1.php",
    "chars": 1050,
    "preview": "<?php\r\n\r\n$page[ 'body' ] .= \"\r\n<div class=\\\"body_padded\\\">\r\n\t<h1>Vulnerability: File Inclusion</h1>\r\n\t<div class=\\\"vulne"
  },
  {
    "path": "vulnerabilities/fi/file2.php",
    "chars": 1054,
    "preview": "<?php\r\n\r\n$page[ 'body' ] .= \"\r\n<div class=\\\"body_padded\\\">\r\n\t<h1>Vulnerability: File Inclusion</h1>\r\n\t<div class=\\\"vulne"
  },
  {
    "path": "vulnerabilities/fi/file3.php",
    "chars": 1559,
    "preview": "<?php\r\n\r\n$page[ 'body' ] .= \"\r\n<div class=\\\"body_padded\\\">\r\n\t<h1>Vulnerability: File Inclusion</h1>\r\n\t<div class=\\\"vulne"
  },
  {
    "path": "vulnerabilities/fi/file4.php",
    "chars": 372,
    "preview": "<?php\r\n\r\n$page[ 'body' ] .= \"\r\n<div class=\\\"body_padded\\\">\r\n\t<h1>Vulnerability: File Inclusion</h1>\r\n\t<div class=\\\"vulne"
  },
  {
    "path": "vulnerabilities/fi/help/help.php",
    "chars": 3700,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - File Inclusion</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white' sty"
  },
  {
    "path": "vulnerabilities/fi/include.php",
    "chars": 2036,
    "preview": "<?php\r\n\r\n// Check if the right PHP functions are enabled\r\n$WarningHtml = '';\r\nif( !ini_get( 'allow_url_include' ) ) {\r\n\t"
  },
  {
    "path": "vulnerabilities/fi/index.php",
    "chars": 995,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/fi/source/high.php",
    "chars": 236,
    "preview": "<?php\r\n\r\n// The page we wish to display\r\n$file = $_GET[ 'page' ];\r\n\r\n// Input validation\r\nif( !fnmatch( \"file*\", $file )"
  },
  {
    "path": "vulnerabilities/fi/source/impossible.php",
    "chars": 353,
    "preview": "<?php\r\n\r\n// The page we wish to display\r\n$file = $_GET[ 'page' ];\r\n\r\n// Only allow include.php or file{1..3}.php\r\n$confi"
  },
  {
    "path": "vulnerabilities/fi/source/low.php",
    "chars": 73,
    "preview": "<?php\r\n\r\n// The page we wish to display\r\n$file = $_GET[ 'page' ];\r\n\r\n?>\r\n"
  },
  {
    "path": "vulnerabilities/fi/source/medium.php",
    "chars": 222,
    "preview": "<?php\r\n\r\n// The page we wish to display\r\n$file = $_GET[ 'page' ];\r\n\r\n// Input validation\r\n$file = str_replace( array( \"h"
  },
  {
    "path": "vulnerabilities/help.css",
    "chars": 60,
    "preview": "#low_answer,#medium_answer,#high_answer {\n\tdisplay: none;\n}\n"
  },
  {
    "path": "vulnerabilities/help.js",
    "chars": 366,
    "preview": "function show_answer(which) {\n\tvar block = document.getElementById(which + \"_answer\");\n\tvar button = document.getElement"
  },
  {
    "path": "vulnerabilities/javascript/help/help.php",
    "chars": 3365,
    "preview": "<div class=\"body_padded\">\n\t<h1>Help - Client Side JavaScript</h1>\n\n\t<div id=\"code\" style=\"padding: 3px; border: 2px #C0C"
  },
  {
    "path": "vulnerabilities/javascript/index.php",
    "chars": 3309,
    "preview": "<?php\n\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php"
  },
  {
    "path": "vulnerabilities/javascript/source/high.js",
    "chars": 10418,
    "preview": "var a=['fromCharCode','toString','replace','BeJ','\\x5cw+','Lyg','SuR','(w(){\\x273M\\x203L\\x27;q\\x201l=\\x273K\\x203I\\x203J\\"
  },
  {
    "path": "vulnerabilities/javascript/source/high.php",
    "chars": 126,
    "preview": "<?php\n$page[ 'body' ] .= '<script src=\"' . DVWA_WEB_PAGE_TO_ROOT . 'vulnerabilities/javascript/source/high.js\"></script>"
  },
  {
    "path": "vulnerabilities/javascript/source/high_unobfuscated.js",
    "chars": 19039,
    "preview": "/**\n * [js-sha256]{@link https://github.com/emn178/js-sha256}\n *\n * @version 0.9.0\n * @author Chen, Yi-Cyuan [emn178@gma"
  },
  {
    "path": "vulnerabilities/javascript/source/impossible.php",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "vulnerabilities/javascript/source/low.php",
    "chars": 4182,
    "preview": "<?php\n$page[ 'body' ] .= <<<EOF\n<script>\n\n/*\nMD5 code from here\nhttps://github.com/blueimp/JavaScript-MD5\n*/\n\n!function("
  },
  {
    "path": "vulnerabilities/javascript/source/medium.js",
    "chars": 258,
    "preview": "function do_something(e){for(var t=\"\",n=e.length-1;n>=0;n--)t+=e[n];return t}setTimeout(function(){do_elsesomething(\"XX\""
  },
  {
    "path": "vulnerabilities/javascript/source/medium.php",
    "chars": 128,
    "preview": "<?php\n$page[ 'body' ] .= '<script src=\"' . DVWA_WEB_PAGE_TO_ROOT . 'vulnerabilities/javascript/source/medium.js\"></scrip"
  },
  {
    "path": "vulnerabilities/open_redirect/help/help.php",
    "chars": 2857,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - Open HTTP Redirect</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white'"
  },
  {
    "path": "vulnerabilities/open_redirect/index.php",
    "chars": 2124,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/open_redirect/source/high.php",
    "chars": 398,
    "preview": "<?php\r\n\r\nif (array_key_exists (\"redirect\", $_GET) && $_GET['redirect'] != \"\") {\r\n\tif (strpos($_GET['redirect'], \"info.ph"
  },
  {
    "path": "vulnerabilities/open_redirect/source/impossible.php",
    "chars": 483,
    "preview": "<?php\r\n\r\n$target = \"\";\r\n\r\nif (array_key_exists (\"redirect\", $_GET) && is_numeric($_GET['redirect'])) {\r\n\tswitch (intval "
  },
  {
    "path": "vulnerabilities/open_redirect/source/info.php",
    "chars": 2022,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.i"
  },
  {
    "path": "vulnerabilities/open_redirect/source/low.php",
    "chars": 221,
    "preview": "<?php\r\n\r\nif (array_key_exists (\"redirect\", $_GET) && $_GET['redirect'] != \"\") {\r\n\theader (\"location: \" . $_GET['redirect"
  },
  {
    "path": "vulnerabilities/open_redirect/source/medium.php",
    "chars": 395,
    "preview": "<?php\r\n\r\nif (array_key_exists (\"redirect\", $_GET) && $_GET['redirect'] != \"\") {\r\n\tif (preg_match (\"/http:\\/\\/|https:\\/\\/"
  },
  {
    "path": "vulnerabilities/sqli/help/help.php",
    "chars": 2885,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - SQL Injection</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white' styl"
  },
  {
    "path": "vulnerabilities/sqli/index.php",
    "chars": 2394,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/sqli/session-input.php",
    "chars": 880,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/sqli/source/high.php",
    "chars": 1459,
    "preview": "<?php\r\n\r\nif( isset( $_SESSION [ 'id' ] ) ) {\r\n\t// Get input\r\n\t$id = $_SESSION[ 'id' ];\r\n\r\n\tswitch ($_DVWA['SQLI_DB']) {\r"
  },
  {
    "path": "vulnerabilities/sqli/source/impossible.php",
    "chars": 1854,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Submit' ] ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESSIO"
  },
  {
    "path": "vulnerabilities/sqli/source/low.php",
    "chars": 1650,
    "preview": "<?php\r\n\r\nif( isset( $_REQUEST[ 'Submit' ] ) ) {\r\n\t// Get input\r\n\t$id = $_REQUEST[ 'id' ];\r\n\r\n\tswitch ($_DVWA['SQLI_DB'])"
  },
  {
    "path": "vulnerabilities/sqli/source/medium.php",
    "chars": 1952,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ] ) ) {\r\n\t// Get input\r\n\t$id = $_POST[ 'id' ];\r\n\r\n\t$id = mysqli_real_escape_string("
  },
  {
    "path": "vulnerabilities/sqli/test.php",
    "chars": 328,
    "preview": "<?php\n$host = \"192.168.0.7\";\n$username = \"dvwa\";\n$password = \"password\";\n\nmssql_connect($host, $username, $password);\nms"
  },
  {
    "path": "vulnerabilities/sqli_blind/cookie-input.php",
    "chars": 805,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/sqli_blind/help/help.php",
    "chars": 3143,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - SQL Injection (Blind)</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='whi"
  },
  {
    "path": "vulnerabilities/sqli_blind/index.php",
    "chars": 3206,
    "preview": "<?php\r\n\r\ndefine( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );\r\nrequire_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc."
  },
  {
    "path": "vulnerabilities/sqli_blind/source/high.php",
    "chars": 1566,
    "preview": "<?php\r\n\r\nif( isset( $_COOKIE[ 'id' ] ) ) {\r\n\t// Get input\r\n\t$id = $_COOKIE[ 'id' ];\r\n\t$exists = false;\r\n\r\n\tswitch ($_DVW"
  },
  {
    "path": "vulnerabilities/sqli_blind/source/impossible.php",
    "chars": 1778,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Submit' ] ) ) {\r\n\t// Check Anti-CSRF token\r\n\tcheckToken( $_REQUEST[ 'user_token' ], $_SESSIO"
  },
  {
    "path": "vulnerabilities/sqli_blind/source/low.php",
    "chars": 1413,
    "preview": "<?php\r\n\r\nif( isset( $_GET[ 'Submit' ] ) ) {\r\n\t// Get input\r\n\t$id = $_GET[ 'id' ];\r\n\t$exists = false;\r\n\r\n\tswitch ($_DVWA["
  },
  {
    "path": "vulnerabilities/sqli_blind/source/medium.php",
    "chars": 1527,
    "preview": "<?php\r\n\r\nif( isset( $_POST[ 'Submit' ]  ) ) {\r\n\t// Get input\r\n\t$id = $_POST[ 'id' ];\r\n\t$exists = false;\r\n\r\n\tswitch ($_DV"
  },
  {
    "path": "vulnerabilities/upload/help/help.php",
    "chars": 2441,
    "preview": "<div class=\"body_padded\">\r\n\t<h1>Help - File Upload</h1>\r\n\r\n\t<div id=\"code\">\r\n\t<table width='100%' bgcolor='white' style="
  }
]

