DO NOT USE THIS ON A LIVE ENVIRONMENT
In its latest release (version 1.0.6), it has the following vulnerabilities :
* SQL Injection
* XSS Stored/Reflected
* LFI (Local File Inclusion)
* RFI (Remote File Inclusion)
* Command Execution
* Upload Script
* Login Brute Force
* Full Path Disclosure
And much more...
Download the latest version - here
Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php
Default username = adminDatabase Setup
Default password = password
To set up the database, simply click on the Setup button in the main menu, then click on the ’Create / Reset Database’ button. This will create / reset the database for you with some data in.
If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php
$_DVWA[ 'db_user' ] = 'your_database_username';More information, Official Web Site: DVWA
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';
We do not take responsibility for the way in which any one uses Damn Vulnerable Web App (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.