Brute Force - DVWA
The goal is to brute force an HTTP login page.
Challenge
Command Injection - DVWA
Perform command injection using the ping functionality.
Cross Site Request Forgery (CSRF) - DVWA
Changing the victim’s password using CSRF.
File Inclusion - DVWA
Read the /etc/passwd file using File Inclusion vulnerability.
File Upload - DVWA
Exploit the file upload vulnerability to achieve Remote Code Execution (RCE).
SQL Injection - DVWA
Use an SQL injection attack to retrieve the admin password.
SQL Injection (Blind) - DVWA
Perform a blind SQL injection attack to retrieve the database version.
Weak Session IDs - DVWA
Identify the cookie session ID pattern.
DOM Based Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using DOM-based XSS.
Reflected Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using Reflected XSS.