Brute Force - DVWA
The goal is to brute force an HTTP login page.
DVWA
Command Injection - DVWA
Perform command injection using the ping functionality.
Content Security Policy (CSP) Bypass - DVWA
Quest: Ensure Access & Identity in Google Cloud
Cross Site Request Forgery (CSRF) - DVWA
Changing the victim’s password using CSRF.
DOM Based Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using DOM-based XSS.
File Inclusion - DVWA
Read the /etc/passwd file using File Inclusion vulnerability.
File Upload - DVWA
Exploit the file upload vulnerability to achieve Remote Code Execution (RCE).
JavaScript Attacks - DVWA
Analyze the JavaScript code to reverse the logic and then submit the word ‘success’ in order to win.
Reflected Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using Reflected XSS.
SQL Injection - DVWA
Use an SQL injection attack to retrieve the admin password.