cleanup - formatting issues
g0tmi1k committed Sep 27, 2015
1 parent 75d2bde commit 08f744e
Showing 47 changed files with 448 additions and 476 deletions.
102 changes: 51 additions & 51 deletions CHANGELOG.md
@@ -4,30 +4,30 @@ DAMN VULNERABLE WEB APPLICATION
v1.9 (*Not Yet Released*)
======

+ Added CSRF token to pre-auth forms (login/setup/security pages). (g0tmi1k + Shinkurt)
+ Added HTTPOnly cookie flag on impossible levels. (g0tmi1k)
+ Added PDO for the impossible examples in SQLi & SQLi Blind. (g0tmi1k)
+ Added system check to setup. (g0tmi1k)
+ Changed brute force medium to be harder due to sleep. (g0tmi1k)
+ Changed file include landing page + added 3x example pages. (g0tmi1k)
+ Changed file include medium to be harder due to more filters. (g0tmi1k)
+ Changed HTTP REFERER check for medium level CSRF. (g0tmi1k)
+ Changed input box for medium level with SQLi + SQLi Blind. (g0tmi1k)
+ Changed SQLi + SQLi Blind to be $_POST rather than $_GET. (g0tmi1k)
+ Changed SQLi Blind to be a real example of the vulnerability. (g0tmi1k)
+ Fixed brute force and file upload impossible levels, as they were vulnerable. (g0tmi1k + Shinkurt)
+ Fixed bug with file fnclude page not loading. (g0tmi1k)
+ Fixed CAPTCHA bug to read URL parameters on impossible. (g0tmi1k)
+ Fixed CAPTCHA bug where the form wouldn't be visible. (g0tmi1k)
+ Fixed CAPTCHA bug where the URL parameters were not being used for low + medium. (g0tmi1k)
+ Fixed CSRF medium level bug when not on localhost. (g0tmi1k)
+ Fixed setup bug with custom URL path. (g0tmi1k)
+ Removed PostgreSQL DB support. (g0tmi1k)
+ Renamed 'Command Execution' to 'Command Injection'. (g0tmi1k)
+ Renamed 'high' level to 'impossible' and created new vectors for 'high'. (g0tmi1k)
+ Updated README and documentation. (g0tmi1k)
+ Various code cleanups in the core PHP files+CSS & Verbosed the documentation. (g0tmi1k)
+ Various setup improvements (e.g. redirection + limited menu links). (g0tmi1k)
+ Added CSRF token to pre-auth forms (login/setup/security pages). (@g0tmi1k + @Shinkurt)
+ Added HTTPOnly cookie flag on impossible levels. (@g0tmi1k)
+ Added PDO for the impossible examples in SQLi & SQLi Blind. (@g0tmi1k)
+ Added system check to setup. (@g0tmi1k)
+ Changed brute force medium to be harder due to sleep. (@g0tmi1k)
+ Changed file include landing page + added 3x example pages. (@g0tmi1k)
+ Changed file include medium to be harder due to more filters. (@g0tmi1k)
+ Changed HTTP REFERER check for medium level CSRF. (@g0tmi1k)
+ Changed input box for medium level with SQLi + SQLi Blind. (@g0tmi1k)
+ Changed SQLi + SQLi Blind to be $_POST rather than $_GET. (@g0tmi1k)
+ Changed SQLi Blind to be a real example of the vulnerability. (@g0tmi1k)
+ Fixed brute force and file upload impossible levels, as they were vulnerable. (@g0tmi1k + @Shinkurt)
+ Fixed bug with file fnclude page not loading. (@g0tmi1k)
+ Fixed CAPTCHA bug to read URL parameters on impossible. (@g0tmi1k)
+ Fixed CAPTCHA bug where the form wouldn't be visible. (@g0tmi1k)
+ Fixed CAPTCHA bug where the URL parameters were not being used for low + medium. (@g0tmi1k)
+ Fixed CSRF medium level bug when not on localhost. (@g0tmi1k)
+ Fixed setup bug with custom URL path. (@g0tmi1k)
+ Removed PostgreSQL DB support. (@g0tmi1k)
+ Renamed 'Command Execution' to 'Command Injection'. (@g0tmi1k)
+ Renamed 'high' level to 'impossible' and created new vectors for 'high'. (@g0tmi1k)
+ Updated README and documentation. (@g0tmi1k)
+ Various code cleanups in the core PHP files+CSS & Verbosed the documentation. (@g0tmi1k)
+ Various setup improvements (e.g. redirection + limited menu links). (@g0tmi1k)

v1.8 (2013-05-01)
======
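
Review bot: The entry "Fixed bug with file fnclude page not loading." still carries the typo "fnclude" (for "include") in the updated list, and "Verbosed the documentation" in the code-cleanups entry reads awkwardly. Since every line in this block is being rewritten to add the @ prefix, fix both in the same pass. "HTTPOnly" is also normally written "HttpOnly".
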
@@ -40,42 +40,42 @@ v1.8 (2013-05-01)
v1.0.7 (2010-09-08)
======

+ Re-designed the login page + made some other slight cosmetic changes. 06/06/2010 (ethicalhack3r)
+ Started PostgreSQL implementation. 15/03/2010 (ethicalhack3r)
+ A few small cosmetic changes. 15/03/2010 (ethicalhack3r)
+ Improved the help information and look. 15/03/2010 (ethicalhack3r)
+ Fixed a few bugs thanks to Digininja. 15/03/2010 (ethicalhack3r)
+ Re-designed the login page + made some other slight cosmetic changes. 06/06/2010 (@ethicalhack3r)
+ Started PostgreSQL implementation. 15/03/2010 (@ethicalhack3r)
+ A few small cosmetic changes. 15/03/2010 (@ethicalhack3r)
+ Improved the help information and look. 15/03/2010 (@ethicalhack3r)
+ Fixed a few bugs thanks to @Digininja. 15/03/2010 (@ethicalhack3r)
+ Show logged in username. 05/02/2010 (Jason Jones)
+ Added new info on RandomStorm. 04/02/2010 (ethicalhack3r)
+ Added 'SQL Injection (Blind)'. 04/02/2010 (ethicalhack3r)
+ Added official documentation. 21/11/2009 (ethicalhack3r)
+ Implemented view all source functionality. 16/10/2009 (tmacuk, craig, ethicalhack3r)
+ Added new info on RandomStorm. 04/02/2010 (@ethicalhack3r)
+ Added 'SQL Injection (Blind)'. 04/02/2010 (@ethicalhack3r)
+ Added official documentation. 21/11/2009 (@ethicalhack3r)
+ Implemented view all source functionality. 16/10/2009 (tmacuk, craig, @ethicalhack3r)

v1.0.6 (2009-10-05)
======

+ Fixed a bug where the logo would not show on first time use. 03/09/2009 (ethicalhack3r)
+ Removed 'current password' input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)
+ Added an article which was written for OWASP Turkey. 03/10/2009 (ethicalhack3r)
+ Added more toubleshooting information. 02/10/2009 (ethicalhack3r)
+ Stored XSS high now sanitises output. 02/10/2009 (ethicalhack3r)
+ Fixed a 'bug' in XSS stored low which made it not vulnerable. 02/10/2009 (ethicalhack3r)
+ Rewritten command execution high to use a whitelist. 30/09/09 (ethicalhack3r)
+ Fixed a command execution vulnerability in exec high. 17/09/09 (ethicalhack3r)
+ Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (ethicalhack3r)
+ Added the upload directory to the upload help. 17/09/09 (ethicalhack3r)
+ Fixed a bug where the logo would not show on first time use. 03/09/2009 (@ethicalhack3r)
+ Removed 'current password' input box for low+med CSRF security. 03/09/2009 (@ethicalhack3r)
+ Added an article which was written for OWASP Turkey. 03/10/2009 (@ethicalhack3r)
+ Added more toubleshooting information. 02/10/2009 (@ethicalhack3r)
+ Stored XSS high now sanitises output. 02/10/2009 (@ethicalhack3r)
+ Fixed a 'bug' in XSS stored low which made it not vulnerable. 02/10/2009 (@ethicalhack3r)
+ Rewritten command execution high to use a whitelist. 30/09/09 (@ethicalhack3r)
+ Fixed a command execution vulnerability in exec high. 17/09/09 (@ethicalhack3r)
+ Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (@ethicalhack3r)
+ Added the upload directory to the upload help. 17/09/09 (@ethicalhack3r)

v1.0.5 (2009-09-03)
======

+ Made IE friendly as much as possible. 30/08/2009 (ethicalhack3r)
+ Removed the acunetix scan report. 30/08/2009 (ethicalhack3r)
+ Added 'Clear Log' button to PHPIDS parser. 27/08/2009 (ethicalhack3r)
+ Implemented PHPIDS log parser. 27/08/2009 (ethicalhack3r)
+ Implemented Stored XSS vulnerability. 27/08/2009 (ethicalhack3r)
+ Added htaccess rule for localhost access only. 22/08/2009 (ethicalhack3r)
+ Added CSRF. 01/08/2009 (ethicalhack3r)
+ Implemented sessions/login. 01/08/2009 (ethicalhack3r)
+ Made IE friendly as much as possible. 30/08/2009 (@ethicalhack3r)
+ Removed the acunetix scan report. 30/08/2009 (@ethicalhack3r)
+ Added 'Clear Log' button to PHPIDS parser. 27/08/2009 (@ethicalhack3r)
+ Implemented PHPIDS log parser. 27/08/2009 (@ethicalhack3r)
+ Implemented Stored XSS vulnerability. 27/08/2009 (@ethicalhack3r)
+ Added htaccess rule for localhost access only. 22/08/2009 (@ethicalhack3r)
+ Added CSRF. 01/08/2009 (@ethicalhack3r)
+ Implemented sessions/login. 01/08/2009 (@ethicalhack3r)
+ Complete recode. (jamesr)
+ Complete redesign. (jamesr)
+ Delimited 'dvwa' in session- minimising the risk of clash with other projects running on localhost. 01/08/2009 (jamesr)
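
Review bot: The @ prefix is applied unevenly across the v1.0.7 to v1.0.5 entries: "Jason Jones", "tmacuk, craig" and "jamesr" are left bare while @ethicalhack3r and @Digininja are converted. Either convert every handle or state that only GitHub accounts get the prefix. "toubleshooting" in the v1.0.6 list is still misspelled, and the dates mix `30/09/09` with `02/10/2009`; a formatting cleanup should normalise both.
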
22 changes: 11 additions & 11 deletions README.md
@@ -42,9 +42,9 @@ along with Damn Vulnerable Web Application (DVWA). If not, see http://www.gnu.o

DVWA is available either as a package that will run on your own web server or as a Live CD:

+ DVWA v1.9 (Testing) - (1.3 MB) [Download ZIP](https://github.com/RandomStorm/DVWA/archive/master.zip) - `git clone https://github.com/RandomStorm/DVWA`
+ DVWA v1.8 (Stable) - (1.3 MB) [Download ZIP](https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip)
+ DVWA v1.0.7 LiveCD - (480 MB) [Download ISO](http://www.dvwa.co.uk/DVWA-1.0.7.iso)
+ DVWA v1.9 Source (Testing) - \[1.3 MB\] [Download ZIP](https://github.com/RandomStorm/DVWA/archive/master.zip) // `git clone https://github.com/RandomStorm/DVWA`
+ DVWA v1.8 Source (Stable) - \[1.3 MB\] [Download ZIP](https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip) - Released 2013-05-01
+ DVWA v1.0.7 LiveCD - \[480 MB\] [Download ISO](http://www.dvwa.co.uk/DVWA-1.0.7.iso) - Released 2010-09-08

- - -

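Review bot: The updated stable entry is labelled "v1.8 Source (Stable)" but links to `archive/v1.0.8.zip`; confirm the tag name or explain the mismatch so users can tell they have the right release. The LiveCD ISO is still linked over plain `http://` with no checksum beside it, so a downloader has nothing to verify the 480 MB image against; publishing a SHA-256 next to the link would address that. The v1.9 line also switches its separator to `//` while the other two entries use `-`.
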
@@ -90,22 +90,22 @@ $_DVWA[ 'db_database' ] = 'dvwa';
Depening on your Operating System as well as version of PHP, you may wish to alter the default configuration. The location of the files will be different on a per-machine basis.
Note, You are unable to use PHP v7.0 or later with DVWA.

**Folders Permissions**:
**Folder Permissions**:

* `./hackable/uploads/` - Needs to be writable by the web service (for File Upload).
* `./external/phpids/0.6/lib/IDS/tmp/` - Needs to be writable by the web service (if you wish to use PHPIDS).
* `./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt` - Needs to be writable by the web service (if you wish to use PHPIDS).

**PHP**:
**PHP configuration**:

* `allow_url_include = on` - Allows for Remote File Inclusions (RFI) [[allow_url_include](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include)]
* `allow_url_fopen = on` - Allows for Remote File Inclusions (RFI) [[allow_url_fopen](https://secure.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen)]
* `safe_mode = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[safe_mode](https://secure.php.net/manual/en/features.safe-mode.php)]
* `magic_quotes_gpc = off` - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [[magic_quotes_gpc](https://secure.php.net/manual/en/security.magicquotes.php)]
* `display_errors = off` - (Optional) Hides PHP warning messages to make it less verbose [[display_errors](https://secure.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)]

**`config/config.inc.php`**:
**File: `config/config.inc.php`**:

* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - Need to be generated from: https://www.google.com/recaptcha/admin/create
* `$_DVWA[ 'recaptcha_public_key' ]` & `$_DVWA[ 'recaptcha_private_key' ]` - These values need to be generated from: https://www.google.com/recaptcha/admin/create

### Default Credentials

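Review bot: The unchanged lines above the renamed headings still read "Depening on your Operating System" and "Note, You are unable", which a formatting cleanup should correct to "Depending" and "Note: you". The new headings are also capitalised inconsistently ("Folder Permissions" against "PHP configuration"). Because `allow_url_include = on` and `allow_url_fopen = on` are listed as required settings, consider adding a line stating that they belong only on the isolated host that runs DVWA.
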
@@ -122,9 +122,9 @@ Login URL: http://127.0.0.1/dvwa/login.php
For the latest troubleshooting information please visit:
https://github.com/RandomStorm/DVWA/issues

+Q. SQL Injection wont work on PHP version 5.2.6.
+Q. SQL Injection wont work on PHP v5.2.6.

-A.If you are using PHP version 5.2.6 you will need to do the following in order for SQL injection and other vulnerabilities to work.
-A.If you are using PHP v5.2.6 you will need to do the following in order for SQL injection and other vulnerabilities to work.

In `.htaccess`:

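Review bot: Only "version" to "v" changes in this question and answer; "wont" in the question still lacks its apostrophe, and the answer still starts "-A.If" with no space after the full stop, unlike "-A. If" in the IE answer further down. Fix both while these lines are being touched.
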
@@ -154,7 +154,7 @@ With:

+Q. My XSS payload won't run in IE.

-A. If your running IE8 or above IE actively filters any XSS. To disable the filter you can do so by setting the HTTP header `X-XSS-Protection: 0` or disable it from internet options. There may also be ways to bypass the filter.
-A. If your running IE8 or above, IE actively filters any XSS. To disable the filter you can do so by setting the HTTP header `X-XSS-Protection: 0` or disable it from internet options. There may also be ways to bypass the filter.

- - -

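Review bot: The added comma leaves "If your running IE8" in place; it should read "If you're running IE8". "To disable the filter you can do so by setting" can also be shortened to "To disable the filter, set". It would help to state that `X-XSS-Protection: 0` is meant to be sent only by the DVWA lab host.
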
43 changes: 21 additions & 22 deletions about.php
@@ -1,59 +1,58 @@
<?php

define( 'DVWA_WEB_PAGE_TO_ROOT', '' );
require_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/dvwaPage.inc.php';
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup( array( 'phpids' ) );

$page = dvwaPageNewGrab();
$page[ 'title' ] = 'About'.$page[ 'title_separator' ].$page[ 'title' ];
$page[ 'title' ] = 'About' . $page[ 'title_separator' ].$page[ 'title' ];
$page[ 'page_id' ] = 'about';

$page[ 'body' ] .= "
<div class=\"body_padded\">
<h1>About</h1>
<p>Version ".dvwaVersionGet()." (Release date: ".dvwaReleaseDateGet().")</p>
<p>Version " . dvwaVersionGet() . " (Release date: " . dvwaReleaseDateGet() . ")</p>
<p>Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment</p>
<p>The official documentation for DVWA can be found <a href=\"docs/DVWA_v1.3.pdf\">here</a>.</p>
<p>DVWA is a RandomStorm OpenSource project. All material is copyright 2008-2015 RandomStorm & Ryan Dewhurst.</p>
<h2>Links</h2>
<ul>
<li>Homepage: ".dvwaExternalLinkUrlGet( 'http://www.dvwa.co.uk/' )."</li>
<li>Project Home: ".dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA' )."</li>
<li>Bug Tracker: ".dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/issues' )."</li>
<li>Souce Control: ".dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/commits/master' )."</li>
<li>Wiki: ".dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/wiki' )."</li>
<li>Homepage: " . dvwaExternalLinkUrlGet( 'http://www.dvwa.co.uk/' ) . "</li>
<li>Project Home: " . dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA' ) . "</li>
<li>Bug Tracker: " . dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/issues' ) . "</li>
<li>Souce Control: " . dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/commits/master' ) . "</li>
<li>Wiki: " . dvwaExternalLinkUrlGet( 'https://github.com/RandomStorm/DVWA/wiki' ) . "</li>
</ul>
<h2>Credits</h2>
<ul>
<li>Craig: ".dvwaExternalLinkUrlGet( 'http://www.youreadmyblog.info/','www.youreadmyblog.info' )."</li>
<li>Jamesr: ".dvwaExternalLinkUrlGet( 'https://www.creativenucleus.com/','www.creativenucleus.com' )." / ".dvwaExternalLinkUrlGet( 'http://www.designnewcastle.co.uk/','www.designnewcastle.co.uk' )."</li>
<li>Ryan Dewhurst: ".dvwaExternalLinkUrlGet( 'http://www.ethicalhack3r.co.uk/','www.ethicalhack3r.co.uk' )."</li>
<li>Tedi Heriyanto: ".dvwaExternalLinkUrlGet( 'http://tedi.heriyanto.net/','http://tedi.heriyanto.net' )."</li>
<li>Tom Mackenzie: ".dvwaExternalLinkUrlGet( 'https://www.tmacuk.co.uk/','www.tmacuk.co.uk' )."</li>
<li>RandomStorm: ".dvwaExternalLinkUrlGet( 'https://www.randomstorm.com/','www.randomstorm.com' )."</li>
<li>Jason Jones: ".dvwaExternalLinkUrlGet( 'http://www.linux-ninja.com/','www.linux-ninja.com' )."</li>
<li>Brooks Garrett: ".dvwaExternalLinkUrlGet( 'http://brooksgarrett.com/','www.brooksgarrett.com' )."</li>
<li>g0tmi1k: ".dvwaExternalLinkUrlGet( 'https://blog.g0tmi1k.com/','g0tmi1k.com' )."</li>
<li>Shinkurt: ".dvwaExternalLinkUrlGet( 'http://www.paulosyibelo.com/','www.paulosyibelo.com' )."</li>
<li>Craig: " . dvwaExternalLinkUrlGet( 'http://www.youreadmyblog.info/','www.youreadmyblog.info' ) . "</li>
<li>Jamesr: " . dvwaExternalLinkUrlGet( 'https://www.creativenucleus.com/','www.creativenucleus.com' ) . " / " . dvwaExternalLinkUrlGet( 'http://www.designnewcastle.co.uk/','www.designnewcastle.co.uk' ) . "</li>
<li>Ryan Dewhurst: " . dvwaExternalLinkUrlGet( 'http://www.ethicalhack3r.co.uk/','www.ethicalhack3r.co.uk' ) . "</li>
<li>Tedi Heriyanto: " . dvwaExternalLinkUrlGet( 'http://tedi.heriyanto.net/','http://tedi.heriyanto.net' ) . "</li>
<li>Tom Mackenzie: " . dvwaExternalLinkUrlGet( 'https://www.tmacuk.co.uk/','www.tmacuk.co.uk' ) . "</li>
<li>RandomStorm: " . dvwaExternalLinkUrlGet( 'https://www.randomstorm.com/','www.randomstorm.com' ) . "</li>
<li>Jason Jones: " . dvwaExternalLinkUrlGet( 'http://www.linux-ninja.com/','www.linux-ninja.com' ) . "</li>
<li>Brooks Garrett: " . dvwaExternalLinkUrlGet( 'http://brooksgarrett.com/','www.brooksgarrett.com' ) . "</li>
<li>g0tmi1k: " . dvwaExternalLinkUrlGet( 'https://blog.g0tmi1k.com/','g0tmi1k.com' ) . "</li>
<li>Shinkurt: " . dvwaExternalLinkUrlGet( 'http://www.paulosyibelo.com/','www.paulosyibelo.com' ) . "</li>
</ul>
<ul>
<li>PHPIDS - Copyright (c) 2007 ".dvwaExternalLinkUrlGet( 'http://github.com/PHPIDS/PHPIDS', 'PHPIDS group' )."</li>
<li>PHPIDS - Copyright (c) 2007 " . dvwaExternalLinkUrlGet( 'http://github.com/PHPIDS/PHPIDS', 'PHPIDS group' ) . "</li>
</ul>
<h2>License</h2>
<p>Damn Vulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.</p>
<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"".DVWA_WEB_PAGE_TO_ROOT."instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>
<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"" . DVWA_WEB_PAGE_TO_ROOT . "instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>
<h2>Development</h2>
<p>Everyone is welcome to contribute and help make DVWA as successful as it can be. All contributors can have their name and link (if they wish) placed in the credits section. To contribute pick an Issue from the Project Home to work on or submit a patch to the Issues list.</p>
</div>
";
</div>\n";

dvwaHtmlEcho( $page );
exit;
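
Review bot: In the updated title assignment only the first concatenation gets spaces: `'About' . $page[ 'title_separator' ].$page[ 'title' ];` still has `].$page` with none, so the file does not end up with one operator style. "Souce Control" in the links list is still misspelled, the credits calls pass their two arguments with no space after the comma while the PHPIDS call has one, and the bare `&` in "RandomStorm & Ryan Dewhurst" should be `&amp;` in HTML output.
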
9 changes: 5 additions & 4 deletions config/config.inc.php
@@ -17,17 +17,18 @@
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';

# Only used for PostgreSQL/PGSQL
# Only used with PostgreSQL/PGSQL database selection.
$_DVWA[ 'db_port '] = '5432';

# ReCAPTCHA settings
# Get your keys at https://www.google.com/recaptcha/admin/create
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

# Default security level
# The default is impossible, you may wish to set this to either low, medium or high.
# If you specify an invalid level, DVWA will default to impossible.
# Default value for the secuirty level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';

?>
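
Review bot: The rewritten comment above `default_security_level` introduces the typo "secuirty" and an unbalanced quote in "or impossible'". It also drops the sentence "If you specify an invalid level, DVWA will default to impossible.", which was the only place in this file that documented the fallback behaviour; restore it. In the unchanged context, the key is written `'db_port '` with a trailing space inside the quotes, so it will not match a lookup of `'db_port'`, and the comment still describes PostgreSQL although the changelog in this commit lists PostgreSQL support as removed.
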