This is the list of all the DVWA exploits which I have written so far in the form of walkthroughs. These walkthroughs are written keeping in mind that even if you have very limited knowledge of hacking, you can learn the procedure of exploiting a particular vulnerability. I have tried to use very simple English so that you can focus more on the concept rather than the way of writing.
- DVWA File Upload: Malicious File Upload is a type of web application vulnerability in which an attacker is able to upload a malicious file containing program code that the web server executes, allowing the attacker to compromise the web server.
- DVWA Command Injection: Command Injection is the most dangerous web application vulnerability (rated mostly 9-10.0/10.0 in CVSS score) that allows an attacker to run arbitrary OS commands on the host operating system through the vulnerable web application.
- DVWA Stored XSS Exploit: Unlike Reflected XSS, Stored XSS is the most dangerous cross-site scripting vulnerability. This type of vulnerability arises whenever a web application stores user-supplied data in the backend for later use without performing any filtering or input sanitization.
- DVWA Reflected XSS Exploit: Reflected XSS occurs when input supplied by the user is reflected back in the browser window or in the page source of the web page.