Aftab Sama

DVWA Writeups

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to help both students and teachers learn about web application security in a controlled classroom environment.

Brute Force - DVWA

The goal is to brute force an HTTP login page.

August 17, 2022 · 3 min · 510 words · Aftab Sama

Command Injection - DVWA

Perform command injection using the ping functionality.

August 17, 2022 · 1 min · 64 words · Aftab Sama

Content Security Policy (CSP) Bypass - DVWA

Quest: Ensure Access & Identity in Google Cloud

August 17, 2022 · 1 min · 106 words · Aftab Sama

Cross Site Request Forgery (CSRF) - DVWA

Changing the victim’s password using CSRF.

August 17, 2022 · 2 min · 331 words · Aftab Sama

DOM Based Cross Site Scripting (XSS) - DVWA

Trigger an alert pop-up with cookie values using DOM-based XSS.

August 17, 2022 · 1 min · 100 words · Aftab Sama

File Inclusion - DVWA

Read the /etc/passwd file using File Inclusion vulnerability.

August 17, 2022 · 1 min · 55 words · Aftab Sama

File Upload - DVWA

Exploit the file upload vulnerability to achieve Remote Code Execution (RCE).

August 17, 2022 · 1 min · 193 words · Aftab Sama

JavaScript Attacks - DVWA

Analyze the JavaScript code to reverse the logic and then submit the word ‘success’ in order to win.

August 17, 2022 · 1 min · 143 words · Aftab Sama

Reflected Cross Site Scripting (XSS) - DVWA

Trigger an alert pop-up with cookie values using Reflected XSS.

August 17, 2022 · 1 min · 54 words · Aftab Sama

SQL Injection - DVWA

Use an SQL injection attack to retrieve the admin password.

August 17, 2022 · 1 min · 97 words · Aftab Sama