Welcome to Damn Vulnerable Web Application!
欢迎进入DVWA!
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
DVWA是一个脆弱的PHP/MySQL网络应用。它旨在帮助安全人员在一个合法的环境下测试他们的技能和工具,帮助网络开发者更好的理解保护Web应用程序的过程,并且帮助老师和学生在一个可控的教室环境中学习关于Web应用程序的知识。
The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficultly, with a simple straightforward interface.
DVWA旨在实践一些最常见的Web漏洞,这些漏洞有不同的难度等级,且具有一个简单直接的界面。
General Instructions
一般说明
It is up to the user how they approach DVWA. Either by working through every module at a fixed level, or selecting any module and working up to reach the highest level they can before moving onto the next one. There is not a fixed object to complete a module; however users should feel that they have successfully exploited the system as best as they possible could by using that particular vulnerability.
这取决于用户如何接触DVWA。可以在一个固定的难度上对每一个模块进行攻击,或选择任何一模块,并在进入下一个模块之前,达到它们所能达到的最高级别的攻击。没有固定的对象来完成模块;但是用户应该认为他们已经通过使用该特定的漏洞尽可能地成功地利用了系统。
Please note, there are both documented and undocumented vulnerability with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
请注意,此软件中存在文档有记录的漏洞,也有一些漏洞没有记录。这是故意的。我们鼓励您尝试发现尽可能多的问题。
DVWA also includes a Web Application Firewall (WAF), PHPIDS, which can be enabled at any stage to further increase the difficulty. This will demonstrate how adding another layer of security may block certain malicious actions. Note, there are also various public methods at bypassing these protections (so this can be seen as an extension for more advanced users)!
DVWA还包括一个web应用防火墙(waf)以及phpids,您可以在任何阶段启用它以进一步增加难度。这将演示添加另一层安全性是如何阻止某些恶意操作的。注意,绕过这些保护还有各种公开的方法(因此,这可以被视为对更高级用户的扩展)!
There is a help button at the bottom of each page, which allows you to view hints & tips for that vulnerability. There are also additional links for further background reading, which relates to that security issue.
每个页面底部都有一个帮助按钮,这将让您看到该漏洞的提示。还有其他链接可让您对背景有进一步的阅读,这些链接与该安全问题有关。
WARNING!
警告!
Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommend using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. Inside a guest machine, you can downloading and install XAMPP for the web server and database.
DVWA是一个极易受到攻击的系统!不要将其上传到服务器提供商公开的HTML文件夹或任何面向Internet的服务器,因为它们会受到影响。建议使用虚拟机(如virtualbox或vmware),并将该虚拟机设置为NAT网络模式。在客户机内部,您可以下载并安装Web服务器和数据库的XAMPP。
Disclaimer
免责声明
We do not take responsibility for the way in which any one uses this application (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.
我们不对任何人使用任何方式使用DVWA造成的后果负责,我们已经明确了此应用的目的,请勿使用DVWA进行恶意目的。我们给出了警告并采取行动防止使用者把DVWA安装到web服务器上,如果你的web服务器因为安装了DVWA而被攻击,这不是我们的责任,而且下载和安装它的人的责任
More Training Resources
DVWA aims to cover the most commonly seen vulnerabilities found in today's web applications. However there are plenty of other issues with web applications. Should you wish to explore any additional attack vectors, or want more difficult challenges, you may wish to look into the following other projects:
DVWA旨在覆盖能够在当今Web应用中最常见的漏洞。然而Web应用程序还有其他太多的问题。如果你想要探索其他的攻击维度或者接受更难的挑战,希望你进入如下这些项目:
- bWAPP
- NOWASP (formerly known as Mutillidae)
- OWASP Broken Web Applications Project
6090
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
