alban/docker-vulnerable-dvwa
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

No... I am your father

Browse Source
This commit is contained in:
OPSXCQ 2017-01-02 19:31:58 -02:00
parent a7c8c2a824
commit 1209507c81
No known key found for this signature in database
GPG Key ID: 9AD730FE9CDE5661
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -33,6 +33,15 @@ To login you can use the following credentials:
* Username: admin * Username: admin
* Password: password * Password: password
## Hack and have fun !
If you are playing it in low dificulty, just to have a taste of how exploit a flaw in this app, go to ```SQL Injection``` in the left menu.
In the id field, add this query ```%' and 1=0 union select null, concat(first_name,'|',last_name,'|',user,'|',password) from users #```
![sqli](sqli.png)
There are several other ways and other vulnerabilities do exploit, go ahead, have fun !
## About DVWA ## About DVWA
You can visit DVWA [official website](http://www.dvwa.co.uk/) and official [github repository](https://github.com/ethicalhack3r/DVWA) if you want more information You can visit DVWA [official website](http://www.dvwa.co.uk/) and official [github repository](https://github.com/ethicalhack3r/DVWA) if you want more information