最近在学web安全,于是准备拿DVWA来练一练手,现将学习过程总结如下,旨在与朋友们交流,错误的地方还望大家指正。
学习目录
DVWA-1.1 Brute Force(暴力破解)-Low
DVWA-1.2 Brute Force(暴力破解)-Medium
DVWA-1.3 Brute Force(暴力破解)-High-绕过token
DVWA-1.4 Brute Force(暴力破解)-Impossible
DVWA-2.1 Command Injection(命令注入)-Low
DVWA-2.2 Command Injection(命令注入)-Medium-绕过弱的黑名单
DVWA-2.3 Command Injection(命令注入)-High-绕过强的黑名单
DVWA-2.4 Command Injection(命令注入)-Impossible-安全的白名单
DVWA-3.1 CSRF(跨站请求伪造)-Low
DVWA-3.2 CSRF(跨站请求伪造)-Medium-绕过Referer验证
DVWA-3.3 CSRF(跨站请求伪造)-High-绕过token
DVWA-3.4 CSRF(跨站请求伪造)-Impossible
DVWA-4.1 File Inclusion(文件包含)-Low
DVWA-4.2 File Inclusion(文件包含)-Medium-双写绕过str_replace替换规则
DVWA-4.3 File Inclusion(文件包含)-High-利用file协议绕过防护策略
DVWA-4.4 File Inclusion(文件包含)-Impossible-白名单
DVWA-5.1 File Upload(文件上传)-Low
DVWA-5.2 File Upload(文件上传)-Medium-绕过文件类型限制
DVWA-5.3 File Upload(文件上传)-High-绕过文件类型限制
DVWA-5.4 File Upload(文件上传)-Impossible
DVWA-6.1 Insecure CAPTCHA(不安全的验证码)-Low
DVWA-6.2 Insecure CAPTCHA(不安全的验证码)-Medium
DVWA-6.3 Insecure CAPTCHA(不安全的验证码)-High
DVWA-6.4 Insecure CAPTCHA(不安全的验证码)-Impossible
DVWA-7.1 SQL Injection(SQL注入)-Low
DVWA-7.2 SQL Injection(SQL注入)-Medium-绕过引号转义
DVWA-7.3 SQL Injection(SQL注入)-High
DVWA-7.4 SQL Injection(SQL注入)-Impossible
DVWA-8.1 SQL Injection (Blind)(SQL盲注)-Low
DVWA-8.2 SQL Injection (Blind)(SQL盲注)-Medium
DVWA-8.3 SQL Injection (Blind)(SQL盲注)-High
DVWA-8.4 SQL Injection (Blind)(SQL盲注)-Impossible
DVWA-9.1 Weak Session IDs(弱会话ID)-Low
DVWA-9.2 Weak Session IDs(弱会话ID)-Medium
DVWA-9.3 Weak Session IDs(弱会话ID)-High
DVWA-9.4 Weak Session IDs(弱会话ID)-Impossible
DVWA-10.1 XSS (DOM)(DOM型跨站脚本攻击)-Low
DVWA-10.2 XSS (DOM)(DOM型跨站脚本攻击)-Medium
DVWA-10.3 XSS (DOM)(DOM型跨站脚本攻击)-High-锚的使用
DVWA-10.4 XSS (DOM)(DOM型跨站脚本攻击)-Impossible
DVWA-11.1 XSS (Reflected)(反射型跨站脚本)-Low
DVWA-11.2 XSS (Reflected)(反射型跨站脚本)-Medium
DVWA-11.3 XSS (Reflected)(反射型跨站脚本)-High
DVWA-11.4 XSS (Reflected)(反射型跨站脚本)-Impossible
DVWA-12.1 XSS (Stored)(存储型跨站脚本)-Low
DVWA-12.2 XSS (Stored)(存储型跨站脚本)-Medium
DVWA-12.3 XSS (Stored)(存储型跨站脚本)-High
DVWA-12.4 XSS (Stored)(存储型跨站脚本)-Impossible
DVWA-13.1 CSP Bypass(绕过浏览器的安全策略)-Low
DVWA-13.2 CSP Bypass(绕过浏览器的安全策略)-Medium
DVWA-13.3 CSP Bypass(绕过浏览器的安全策略)-High?
DVWA-13.4 CSP Bypass(绕过浏览器的安全策略)-Impossible
DVWA-14.1 JavaScript(JS攻击)-Low
DVWA-14.2 JavaScript(JS攻击)-Medium
DVWA-14.3 JavaScript(JS攻击)-High-JS混淆逆向
DVWA-14.4 JavaScript(JS攻击)-Impossible