Damn Vulnerable Web Applications

The document discusses how to install and use the Damn Vulnerable Web Application (DVWA) to test different types of web application attacks including SQL injection, file uploads, and cross-site scripting (XSS). It provides step-by-step instructions on how to set up DVWA and then exploit vulnerabilities through these attack types. The goals of DVWA are explained as helping security professionals test their skills legally, aiding web developers in securing applications, and assisting with education around web application security.

Sara Sartoli Akbar Siami Namin

NSF-SFS workshop
July 14-18, 2014

• How to install and run DVWA
• Exploit some SQL injection attacks
• Upload a malicious file
• Exploit an XSS attack

• DVWA is a PHP/MySQL web application that is damn vulnerable to most common web attacks.
• The main goals are:
◦ to be an aid for security professionals to test their skills and tools in a legal environment.
◦ to help web developers better understand the processes of securing web applications.
◦ to be an aid for teachers/students to teach/learn web application security in a classroom environment.

1. Install XAMPP

1. Download DVWA and extract it
2. Copy the DVWA folder into the web server root
3. Go to DVWA Directory >> Config >> open config.inc.php and change $_DVWA[ 'db_password' ] = 'p@ssw0rd' to $_DVWA[ 'db_password' ] = ''

• A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
• In SQL injection, SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
• Input data must be validated to ensure that the web application operates on clean, correct and useful data.

• The query executed in the back-end database looks like:
SELECT first_name, Last_Name from users where ID='1';
• A solution that would extract all the first names and passwords from the table is to use the following injection string:
SELECT first_name, Last_Name from users where ID='1' or '0'='0';

• The basic idea is to make the database respond with an error message containing the database type and version.
• Entering a quote makes the DB treat any characters after the quote as a simple string rather than SQL code, which causes a syntax error.
• Now we know that the database is MySQL, so we can use appropriate queries to find out the version.
• In MySQL the queries that return the version are:
SELECT version()
SELECT @@version
• Enter the following strings:
1. ' union select @@version#
2. ' union select null, @@version #
• The query that would extract the DB version is:
SELECT first_name, Last_Name from users where ID='' union select null, @@version #';

• In MySQL the queries that retrieve the host name and database name are:
SELECT database()
SELECT @@hostname
• So, what would be the injection string?

• Information schema is a database that contains information about all of the databases in the MySQL installation.
• Enter the following string:
a' UNION select table_schema,table_name FROM information_Schema.tables;#
• Try to find the Damn Vulnerable Web App database and its tables.
• Now set DVWA to high security and attack again.
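
For comparing against the PHP source at each security level, the following added example (not DVWA's own code) runs the page's `' or '0'='0` input against a query built by string concatenation and against a parameterized one. It assumes the pdo_sqlite extension; the in-memory table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example, not DVWA source. Assumes the pdo_sqlite extension is loaded.
// The table and its rows are constructed stand-ins for the page's users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id TEXT, first_name TEXT, last_name TEXT)");
$db->exec("INSERT INTO users VALUES ('1','Alice','Adams'),('2','Bob','Baker'),('3','Carol','Clark')");

// Vulnerable pattern: the input is pasted into the SQL text, so a quote in
// the input ends the string literal and the rest is parsed as SQL.
function lookup_concat(PDO $db, string $id): array
{
    $sql = "SELECT first_name, last_name FROM users WHERE id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized: the SQL text is fixed and the input is bound as a value,
// so it is only ever compared against the id column.
function lookup_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT first_name, last_name FROM users WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Input validation on top: a numeric key must consist of digits only.
function lookup_validated(PDO $db, string $id): array
{
    return ctype_digit($id) ? lookup_prepared($db, $id) : [];
}

// "1" is the normal request; the second value is the input that produces
// the page's ID='1' or '0'='0' query.
foreach (["1", "1' or '0'='0"] as $input) {
    printf(
        "%-14s concat=%d rows, prepared=%d rows, validated=%d rows\n",
        $input,
        count(lookup_concat($db, $input)),
        count(lookup_prepared($db, $input)),
        count(lookup_validated($db, $input))
    );
}
```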

• The first step in many attacks is to get some code onto the system to be attacked. Then the attacker only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.
1. Copy a JPG file and a PNG file to the root.
2. Choose a PHP file in the root path and try to upload it.
3. Try to upload the JPG and PNG files as well.
4. Give it a try with medium and high security.

Note:
• Check the PHP code to figure out what the differences are.
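
As a reference point when reading the upload code at each security level, this added example (not DVWA's own code) shows a strict server-side check: extension allow-list, content signature matching the extension, size limit, and a server-generated file name. The function name, size limit and sample byte strings are constructed for illustration.

```php
<?php
// Added example, not DVWA source. All names and sample bytes are constructed.
const ALLOWED = [
    'jpg' => "\xFF\xD8\xFF",          // JPEG start-of-image marker
    'png' => "\x89PNG\r\n\x1A\n",     // PNG signature
];

// Returns the server-side file name to store under, or null to reject.
function accept_upload(string $clientName, string $bytes, int $maxBytes = 100000): ?string
{
    if (strlen($bytes) === 0 || strlen($bytes) > $maxBytes) {
        return null;                              // empty or oversized
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!array_key_exists($ext, ALLOWED)) {
        return null;                              // extension not on the allow-list
    }
    $signature = ALLOWED[$ext];
    if (strncmp($bytes, $signature, strlen($signature)) !== 0) {
        return null;                              // content does not match the extension
    }
    // Never reuse the client's name: random base name, canonical extension.
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// Constructed samples: two image headers, PHP source, PHP source renamed to .jpg.
$samples = [
    'photo.jpg'   => "\xFF\xD8\xFF\xE0" . str_repeat("\x00", 16),
    'logo.png'    => "\x89PNG\r\n\x1A\n" . str_repeat("\x00", 16),
    'page.php'    => "<?php echo 'hello';",
    'renamed.jpg' => "<?php echo 'hello';",
];
foreach ($samples as $name => $bytes) {
    $stored = accept_upload($name, $bytes);
    printf("%-12s %s\n", $name, $stored === null ? 'rejected' : "stored as $stored");
}
```

A signature match alone does not prove a file is harmless, so accepted files should also be stored where the web server will not execute them as scripts.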

• Cross-Site Scripting attacks are a type of injection problem, in which client-side script is injected into web pages viewed by other users.
1. Select "XSS Stored" from the left navigation menu.
2. Name: Test 1
3. Message: <script>alert("my xss attack")</script>
4. Sign Guest Book

Note:
• This XSS exploit will be displayed for all users.

1. Reset the database
2. Select "XSS Stored" from the left navigation menu.
3. Input Name: Test 2
4. Input Message: <iframe src="http://www.cnn.com"></iframe>
5. Sign Guest Book

Notes:
• We need to reset the database, otherwise each XSS exploit will appear for each example.
• This is a powerful exploit because a user could use SET to create a malicious cloned website and place it in here.

1. Reset the database
2. Select "XSS Stored" from the left navigation menu.
3. Input Name: Test 3
4. Input Message: <script>alert(document.cookie)</script>
5. Sign Guest Book

Notes:
• It is possible to modify this XSS script to send the cookie to a remote location instead of displaying it (man in the middle attack).
• Check the PHP code to figure out what the differences are.
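
To make the difference concrete, this added example (not DVWA's own code) renders guest book entries modelled on the three walkthrough messages, once echoed as markup and once HTML-encoded at output time, then parses each result and counts the script and iframe elements a browser would act on. It assumes the dom extension; the function names are constructed for illustration.

```php
<?php
// Added example, not DVWA source. Assumes the dom extension (DOMDocument).
// The messages are modelled on the three guest book entries in the walkthrough.
$messages = [
    'Test 1' => '<script>alert("my xss attack")</script>',
    'Test 2' => '<iframe src="http://www.cnn.com"></iframe>',
    'Test 3' => '<script>alert(document.cookie)</script>',
];

// Vulnerable pattern: stored values are echoed into the page as markup.
function render_raw(string $name, string $message): string
{
    return "<div>Name: $name<br>Message: $message</div>";
}

// Hardened: every stored value is HTML-encoded at output time, so the browser
// shows the characters instead of parsing them as tags.
function render_encoded(string $name, string $message): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div>Name: ' . $e($name) . '<br>Message: ' . $e($message) . '</div>';
}

// Parse the rendered HTML and count the elements that would run or load content.
function active_elements(string $html): int
{
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('script')->length
         + $doc->getElementsByTagName('iframe')->length;
}

foreach ($messages as $name => $message) {
    printf(
        "%s: raw=%d active element(s), encoded=%d\n",
        $name,
        active_elements(render_raw($name, $message)),
        active_elements(render_encoded($name, $message))
    );
}
```

Marking the session cookie HttpOnly additionally keeps it out of `document.cookie`, which limits what a script like the third message can read.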
Thank you
