1.簡介Damn Vulnerable Web App (DVWA)
DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. https://github.com/ethicalhack3r/DVWA
2.win環境部署:Windows + XAMPP (xampp是php環境一鍵部署)
方式1:XAMPP
The easiest way to install DVWA is to download and install XAMPP if you do not already have a web server setup.
XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
XAMPP can be downloaded from: https://www.apachefriends.org/en/xampp.html
Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to: http://127.0.0.1/dvwa/setup.php
方式2:使用 phpstudy 也是一鍵部署php
http://www.phpstudy.net/phpstudy/phpStudy20161103.zip
3.部署DVWA
1)下載DVWA應用zip包,解壓到phpstudy_pro/WWW 目錄下,並重命名為DVWA。
2)修改配置文件,主要修改db_password為root這個和phpstudy默認密碼有關。
config.inc.php不存在,復制config.inc.php.dist,改名為config.inc.php。
#F:\phpstudy_pro\WWW\DVWA\config\config.inc.php
$_DVWA[ 'db_password' ] = 'root'; $_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'; $_[ 'allow_url_include' ]='on'; $_[ 'allow_url_fopen' ]='on';
3)啟動服務,可以是一鍵啟動WNMP,也可以手動啟動套件下的apache和mysql。瀏覽器輸入 本機ip/DVWA 回車打開登錄頁面,帳戶admin / password
