Share
## https://sploitus.com/exploit?id=1BA82890-B9C2-5B5A-BF01-241E59E8B1B6
# DVWA Web Security Labs

## Project Description

This project creates a web security testing environment based on DVWA (Damn Vulnerable Web Application). It involves reproducing multiple common web-based vulnerabilities, performing packet capture analysis, testing payloads, and summarizing defense measures. This project integrates the following basic vulnerability experiments:

1. SQL Injection
2. XSS (Cross-Site Scripting)
3. CSRF (Cross-Site Request Forgery)
4. File Upload Vulnerabilities
5. Command Injection
6. File Inclusion Vulnerabilities

This project is primarily used for learning web security basics, practicing vulnerability reproduction, and showcasing personal GitHub projects. ---

## Technology Stack

- Windows 11
- Docker Desktop
- DVWA
- Burp Suite Community Edition
- Google Chrome / Burp Built-in Browser
- MySQL / MariaDB
- Git / GitHub

---

## Experimental Environment

| Component | Description |
|---|---|
| Operating System | Windows 11 |
| Testing Environment | DVWA |
| Container Environment | Docker Desktop |
| Packet Capture Tool | Burp Suite Community Edition |
| Browser | Google Chrome / Burp Built-in Browser |
| Database | MySQL / MariaDB |
| Security Level | Low / Medium |

---

## Project Structure

```
dvwa_web_security_labs/
β”‚
β”œβ”€β”€ README.md
β”œβ”€β”€ payloads/
β”‚   └── dvwa_payloads.txt
β”œβ”€β”€ reports/
β”‚   └── dvwa_basic_vulnerabilities_report.md
└── screenshots/
    β”œβ”€β”€ 01_sql_injection/
    β”œβ”€β”€ 02_xss/
    β”œβ”€β”€ 03_csrf/
    β”œβ”€β”€ 04_fileUpload/
    β”œβ”€β”€ 05_command_injection/
    └── 06_file_inclusion/
```

---

## DVWA Environment Launch

Enter the DVWA project directory and execute:

```bash
docker compose up -d
```

Access from a browser:

```text
http://localhost:4280
```

Default account:

```text
admin
```

Default password:

```text
password
```

If you changed the password during previous experiments, you can log in with the current password, or reset the database by going to DVWA’s β€œSetup” or β€œReset DB” page. ---

# 1. SQL Injection

## Vulnerability Description

SQL Injection occurs when the backend directly inserts user input into SQL statements, allowing attackers to alter the SQL query logic, thereby reading, enumerating, or modifying database content. ## Experiment Details

This experiment includes:

- Normal ID queries;
- Burp Suite packet capture analysis;
- Checking the number of fields in ORDER BY clauses;
- UNION SELECT queries;
- Enumerating information about `database()` and `version()` functions;
- Extracting hashed usernames and passwords from the `users` table. ## Key Screenshots

![DVWA Setup](screenshots/01_sql_injection/dvwa_setup.png)

![Burp Intercept Request](screenshots/01_sql_injection/burp_intercept_request.png)

![Union Select Success](screenshots/01_sql_injection/union_select_success.png)

![Database Information Enumeration](screenshots/01_sql_injection/database_information_enumeration.png)

![SQL Injection Password Extraction](screenshots/01_sql_injection/sql_injection_password_extraction.png)

---

# 2. XSS Cross-Site Scripting

## Vulnerability Description

XSS occurs when websites do not properly handle user input and page outputs, allowing attackers’ injected JavaScript to be executed by the browser. This experiment includes:

- Reflected XSS

## Experiment Content

This experiment has completed the following tasks:

- Verified reflected XSS using `alert(1)`;
- Verified stored XSS using β€œβ€;
- Observed the persistence of Stored XSS;
- Tested DOM XSS;
- Analyzed simple filtering rules and attempted bypasses.

### Key Screenshots

![XSS Reflected Page](screenshots/02_xss/xss_reflected_page.png)

![XSS Reflected Alert](screenshots/02_xss/xss_reflected_alert.png)

![Burp XSS Request](screenshots/02_xss/burp_xss_request.png)

![Stored XSS Page](screenshots/02_xss/stored_xss_page.png)

![Stored XSS Alert](screenshots/02_xss/stored_xss_alert.png)

![Stored XSS Persistently](screenshots/02_xss/stored_xss_persistent.png)

![DOM XSS Page](screenshots/02_xss/dom_xss_page.png)

![DOM XSS Alert](screenshots/02_xss/dom_xss_alert.png)

![XSS Bypass Success](screenshots/02_xss/xss_bypass_success.png)

---

# 3. CSRF Cross-Site Request Forgery

## Vulnerability Description

CSRF is a technique where an attacker induces logged-in users to access malicious pages, causing the user’s browser to send sensitive requests to the target website while carrying cookies.

### Experiment Content

This experiment has completed the following tasks:

- Captured packets for normal password modification requests;
- Analyzed the `password_new` and `password_conf` parameters;
- Created the `csrf_attack.html` file;
- Automatically triggered password modification requests using JavaScript;
- Understood that CSRF exploits the user’s login state.

### Key Screenshots

![CSRF Page](screenshots/03_csrf/csrf_page.png)

![Burp CSRF Request](screenshots/03_csrf/burp_csrf_request.png)

![CSRF Attack HTML](screenshots/03_csrf/csrf_attack_html.png)

![CSRF Auto Trigger Request](screenshots/03_csrf/csrf_auto_trigger_request.png)

---

# 4. File Upload Vulnerabilities

## Vulnerability Description

File upload vulnerabilities occur when the server does not strictly verify the type, content, and execution permissions of uploaded files, allowing attackers to upload executable scripts.

### Experiment Content

This experiment has completed the following tasks:

- Normal image uploads;
- Captured multipart/form-data upload requests using Burp;
- Uploading PHP test files at a low level;
- Accessing and executing the uploaded PHP files;
- Blocking direct PHP uploads at a medium level;
- Bypassing MIME type detection by changing the Content-Type to image/jpeg.

### Key Screenshots

![File Upload Page](screenshots/04_fileupload/fileupload_page.png)

![Normal Image Upload](screenshots/04_fileupload/normal_imageupload.png)

![Burp Upload Request](screenshots/04_fileupload/burpupload_request.png)

![Uploaded PHP Execution](screenshots/04_fileupload/uploaded_php_execution.png)

![Medium Upload Block](screenshots/04_fileupload/mediumupload_block.png)

![Burp Medium Upload Bypass](screenshots/04_fileupload/burp_mediumupload_bypass.png)

![Medium PHP Execution](screenshots/04_fileupload/medium_php_execution.png)

# 5. Command Injection – Command Execution Vulnerabilities

## Vulnerability Description

Command injection vulnerabilities occur when the backend directly appends user-input data into system commands, allowing attackers to execute additional system commands. ## Experiment Details

This experiment included:

- A normal ping test;
- Capturing command execution requests using Burp;
- Verifying command execution with `; whoami`;
- Checking the execution environment using `pwd`, `id`, and `uname -a`;
- Observing filtering effects at Medium difficulty level;
- Using the pipe character `| whoami` to perform basic bypass techniques. ## Key Screenshots

![Command Injection Page](screenshots/05_command_injection/command_injection_page.png)

![Normal Ping Result](screenshots/05_command_injection/normal_ping_result.png)

![Burp Command Request](screenshots/05_command_injection/burp_command_request.png)

![Command Whoami Success](screenshots/05_command_injection/command_whoami_success.png)

![Command ID Success](screenshots/05_command_injection/command_id_success.png)

![Medium Command Block](screenshots/05_command_injection/medium_command_block.png)

![Medium Bypass Success](screenshots/05_command_injection/medium_bypass_success.png)

---

# 6. File Inclusion – File Inclusion Vulnerabilities

## Vulnerability Description

File inclusion vulnerabilities arise when the backend loads files based on parameters provided by users, without strict restrictions on file paths. This allows attackers to read local server files through path traversal. ## Experiment Details

This experiment included:

- Normal inclusion of `file1.php`;
- Analyzing the `page` parameter in URLs;
- Reading `/etc/passwd` using path traversal;
- Capturing LFI requests with Burp;
- Intercepting normal path traversal at Medium difficulty level;
- Using the `....//` path manipulation technique to bypass simple filters. ## Key Screenshots

![File Inclusion Page](screenshots/06_file_inclusion/file_inclusion_page.png)

![Normal File Include](screenshots/06_file_inclusion/normal_file_include.png)

![LFI Passwd Success](screenshots/06_file_inclusion/lfi_passwd_success.png)

![Burp LFI Request](screenshots/06_file_inclusion/burp_lfi_request.png)

![Medium LFI Block](screenshots/06_file_inclusion/medium_lfi_block.png)

![Medium LFI Bypass Success](screenshots/06_file_inclusion/medium_lfi_bypass_success.png)

---

# Learning Summary

Through this project, we have replicated and analyzed several basic Web vulnerabilities in the DVWA environment. We have mastered:

- How to use the DVWA training environment;
- How to capture packets with Burp Suite and replay Repeater requests;
- The basic testing process for SQL injections;
- Three common types of XSS attacks;
- The principle of CSRF requests;
- Vulnerabilities related to file uploads and Content-Type bypasses;
- Vulnerabilities related to command execution and character set bypasses;
- Vulnerabilities related to file inclusion and path traversal;
- Defense strategies for common Web vulnerabilities. ---

## Detailed Report

The complete experiment process, vulnerability analysis, payloads, and defense recommendations can be found in:

```text
reports/dvwa_basic_vulnerabilities_report.md
```

Payloads can be found in:

```text
payloads/dvwa_payloads.txt
```

---

## Disclaimer

This project is solely for web security learning, vulnerability reproduction, and research purposes. All experiments were conducted within the local DVWA environment. It is strictly prohibited to use it for unauthorized targets.