[fix] derivative mention and howto

This commit is contained in:
alban 2020-09-06 17:31:48 +02:00
parent 3cd5f05e82
commit fd909113ed

View File

@ -1,6 +1,24 @@
# Damn Vulnerable Web Application Docker container
[![Docker Pulls](https://img.shields.io/docker/pulls/vulnerables/web-dvwa.svg?style=plastic)](https://hub.docker.com/r/vulnerables/web-dvwa/)
![License](https://img.shields.io/badge/License-GPL-blue.svg?style=plastic)
## Caution
This is a derivative of the [original project](https://github.com/opsxcq/docker-vulnerable-dvwa/).
To build your own image :
```
git clone https://git.interhacker.space/alban/docker-vulnerable-dvwa
cd docker-vulnerable-dvwa
git submodule init
git submodule update
docker build . -t dvwa:latest
```
To use the image:
```
docker run albancrommer/dvwa:latest
```
## About
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
@ -12,11 +30,10 @@ The aim of DVWA is to practice some of the most common web vulnerability, with v
To run this image you need [docker](http://docker.com) installed. Just run the command:
docker run --rm -it -p 80:80 vulnerables/web-dvwa
docker run --rm -it -p 80:80 albancrommer/dvwa
And wait until it download the image and start it, after that you can see the image running in your local machine:
![setup](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/setup.png?raw=tru)
Just click on the ```Create / Reset database``` button and it will generate any aditional configuration needed.
@ -31,7 +48,6 @@ To login you can use the following credentials:
The default dificulty level is the ```impossible``` level, you can change it in ```DVWA Security``` item in the left menu.
![dificulty](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/setup-dificulty.png?raw=tru)
## Hack and have fun !
@ -40,7 +56,6 @@ In the id field, add this query:
%' and 1=0 union select null, concat(user,':',password) from users #
![sqli](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/sqli.png?raw=true)
There are several other ways and other vulnerabilities do exploit, go ahead, have fun !