SQL Injection (Blind) - DVWA
Perform a blind SQL injection attack to retrieve the database version.
DVWA
Stored Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using Stored XSS.
Weak Session IDs - DVWA
Identify the cookie session ID pattern.