DVWA(Damn Vulnerable Web Application)是一款比较著名的漏洞靶场，是采用PHP+MySQL编写的一套用于常规Web漏洞教学和检测的Web脆弱性测试程序，包含了SQL注入、XSS、盲注等常见的安全漏洞。它旨在为安全专业人员测试自己的专业技能和工具提供合法的环境，帮助Web开发者更好地理解Web应用安全防范的过程。
# If you are having problems connecting to the MySQL database and all of the variables below are correct,
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
#   Thanks to @digininja for the fix.
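# Database management system to use.
# The assignment sits on its own line so that it is executed; when it shares a
# line with the leading '#' comment it is swallowed by that comment.
# MySQL is the only backend selected here; the PGSQL alternative stays
# commented out because it is currently disabled.
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled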
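# Database variables
#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
#   Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root; you must create a dedicated DVWA user.
#   See README.md for more information on this.
#
# NOTE(review): the values below connect as root with a short, easily guessed
# password. Treat them as lab-only sample values: prefer a dedicated account whose
# privileges are limited to the DVWA database, so that the setup step that drops
# db_database (and any SQL injection exercised in the application) cannot reach
# other schemas on the same server.
$_DVWA = array();
# Loopback TCP address rather than 'localhost', which avoids the socket problem
# mentioned at the top of this file and keeps the connection on the local host.
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = '123456';
# The port is stored as a string, exactly as in the original configuration.
$_DVWA[ 'db_port' ]     = '3306';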
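# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module.
#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
#
# NOTE(review): both values below look like placeholders rather than keys issued
# by Google, so replace them with your own pair before using the module. The
# private key is a secret: keep it out of published copies of this file.
$_DVWA[ 'recaptcha_public_key' ]  = 'mikezhou';
$_DVWA[ 'recaptcha_private_key' ] = 'mikezhou';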
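# Default security level
#   Default value for the security level with each session.
#   The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or 'impossible'.
#
# Each new session starts at this level, so leaving it at 'impossible' means no
# session begins at a weaker level unless one is chosen on purpose.
$_DVWA[ 'default_security_level' ] = 'impossible';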
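# Default PHPIDS status
#   PHPIDS status with each session.
#   The default is 'disabled'. You can set this to be either 'enabled' or 'disabled'.
#
# With 'disabled', requests are not screened by PHPIDS (the WAF referred to by the
# verbose-messages setting) unless it is switched on for the session.
$_DVWA[ 'default_phpids_level' ] = 'disabled';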
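# Verbose PHPIDS messages
#   Enabling this will show why the WAF blocked the request, on the page returned for the blocked request.
#   The default is 'disabled'. You can set this to be either 'true' or 'false'.
#
# NOTE(review): the value is the string 'false', not the boolean false; a non-empty
# string is truthy in PHP, so this only works if the application compares it as a
# string — confirm against the code that reads it. Verbose output tells the
# requester which rule matched, so leave it off outside of rule tuning.
$_DVWA[ 'default_phpids_verbose' ] = 'false';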