Command Injection - DVWA
Perform command injection using the ping functionality.
Writeups
Content Security Policy (CSP) Bypass - DVWA
Quest: Ensure Access & Identity in Google Cloud
Cross Site Request Forgery (CSRF) - DVWA
Changing the victim’s password using CSRF.
DOM Based Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using DOM-based XSS.
File Inclusion - DVWA
Read the /etc/passwd file using File Inclusion vulnerability.
File Upload - DVWA
Exploit the file upload vulnerability to achieve Remote Code Execution (RCE).
JavaScript Attacks - DVWA
Analyze the JavaScript code to reverse the logic and then submit the word ‘success’ in order to win.
Reflected Cross Site Scripting (XSS) - DVWA
Trigger an alert pop-up with cookie values using Reflected XSS.
SQL Injection - DVWA
Use an SQL injection attack to retrieve the admin password.
SQL Injection (Blind) - DVWA
Perform a blind SQL injection attack to retrieve the database version.