Damn Vulnerable Web App (DVWA) v1.0.5 has been officially released today at 18:30 GMT on the 03/09/2009 after 3 months of work.
Stored XSS vulnerability.
Full Path Disclosure vulnerability.
Many bug fixes.
+ much more
Big thanks to the DVWA team!
Want to try the new version of dvwa before it has been released?
The new version of dvwa is a complete code re-write and partial re-design with more vulnerabilities for you to exploit.
If you download it dont forget to leave us some feedback!
svn co https://dvwa.svn.sourceforge.net/svnroot/dvwa dvwa
After a month of coding Damn Vulnerable Web App (dvwa) v1.0.4 is ready for download.
dvwa v1.0.4 has many changes from the 1.0.3 version. Mostly bug fixes and better design changes.
1.0.4 Change log:
Added acunetix scan report. 24/06/2009
All links use http://hiderefer.com to hide referrer header. 23/06/2009
Updated/added ‘more info’ links. 23/06/2009
Moved change log info to CHANGELOG.txt. 22/06/2009
Fixed the exec.php UTF-8 output. 16/06/2009
Moved Help/View source buttons to footer. 12/06/2009
Fixed phpInfo bug. 12/06/2009
Made dvwa IE friendly. 11/06/2009
Fixed html bugs. 11/06/2009
Added more info to about page. 03/06/2009
Added pictures for the users. 03/06/2009
Fixed typos on the welcome page. 03/06/2009
Improved README.txt and fixed typos. 03/06/2009
Made SQL injection possible in sqli_med.php. Thanks to Teodor Lupan. 03/06/2009... read more
That’s right, YOU!
Damn Vulnerable Web App is an open source project and in order for it to be successful we need your contributions. So far dvwa has been solely developed by me with some help from a couple of friends, I my self cannot make the project as successful as it can be.
We need contributions of any kind, suggestions, design, marketing, coding, ect…
What benefits are their to contributing to an open source project? Lots! It enables you to enhance your skills/knowledge, it looks good on your CV, it gets your name/website around, it shows future employers that your dedicated to enhancing the security industry and much more…... read more
Changed XAMPP link in index.php. 25/05/2009
Set default security to low. 25/05/2009
Improved output in setup.php. 25/05/2009
Removed phpinfo on higher security levels. 24/05/2009
Moved all vulnerable code to /source/. 24/05/2009
Added viewsource. 24/05/2009
Implemented different security levels. 24/05/2009
Changed XSS from POST to GET. 22/05/2009
Some changes to CSS. 22/05/2009
Version number now in variable in header.php. 21/05/2009
Added about page. 21/05/2009
Updated login script to use database. 21/05/2009
Added admin user to database. 21/05/2009
Combined RFI + LFI to make 'File Inclusion'. 21/05/2009
More realism to Local File Inclusion. 21/05/2009
Better error output on upload script. 21/05/2009
Ive been working on version 1.0.1 non stop since the release of version 1. Version 1.0.1 has more realism and even has "security levels" which you can change from low, medium to high. Low = no security Medium = some security High = Unhackable (hopefully)
I will release version 1.0.1 as soon as I can iron out a couple of bugs which have cropped up. I will try and figure out this svn thingy ma bob so I can get you people involved in the project.... read more
Check out the new and improved version of Damn Vulnerable Web App!