This is the list of all the DVWA exploits which I have written so far in the form of walkthrough. These walkthroughs are written keeping in mind that even if you have very limited knowledge of hacking, you can learn the procedure of exploiting particular vulnerability. I have tried to use very simple English so that you can focus more on the concept rather than the way of writing.

  • DVWA Command Injection
    Command Injection is the most dangerous web application vulnerability (rated mostly 9-10.0/10.0 in CVS Score) that allows an attacker to run any arbitrary OS command on host Operating System using vulnerable web application.
  • DVWA DOM XSS Exploit
    DOM-based XSS is a type of XSS vulnerability which arises when any client-side JavaScript takes input from any attacker-controllable source and passes it without validation into a sink that execute code dynamically.
  • DVWA Stored XSS Exploit
    Unlike Reflected XSS, Stored XSS is most dangerous cross site scripting vulnerability. This type of vulnerability arises whenever a web application stores user supplied data for later use in backend without performing any filter or input sanitization.
  • DVWA Reflected XSS Exploit
    Reflected XSS occurs when the input supplied by the user reflects back in the browser window or inside page source of the web page.