Latest commit d881277 Feb 3, 2017
README.md Add DSVW Feb 3, 2017


DSVW


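Damn Small Vulnerable Web (DSVW) is a web application written in Python that imitates web application vulnerabilities, in under 100 lines of Python code. The project is intended for educational purposes. It supports most of the (most popular) web application vulnerabilities, together with the appropriate attacks.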


Requirements

  • Python (2.6.x or 2.7.x).

  • Requires python-lxml (e.g. apt-get install python-lxml).

Installation

git clone git@github.com:stamparm/DSVW.git

Quick start

Run the following command to start it:

$ python dsvw.py
Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code) #v0.1k
 by: Miroslav Stampar (@stamparm)

[i] running HTTP server at '127.0.0.1:65412'...

Then open http://127.0.0.1:65412 in a browser.


Attacks:

  • Blind SQL Injection (boolean)
  • Blind SQL Injection (time)
  • UNION SQL Injection
  • Login Bypass
  • HTTP Parameter Pollution
  • Cross Site Scripting (reflected)
  • Cross Site Scripting (stored)
  • Cross Site Scripting (DOM)
  • Cross Site Scripting (JSONP)
  • XML External Entity (local)
  • XML External Entity (remote)
  • Server Side Request Forgery
  • Blind XPath Injection (boolean)
  • Cross Site Request Forgery
  • Frame Injection (phishing)
  • Frame Injection (content spoofing)
  • Clickjacking
  • Unvalidated Redirect
  • Arbitrary Code Execution
  • Full Path Disclosure
  • Source Code Disclosure
  • Path Traversal
  • File Inclusion (remote)
  • HTTP Header Injection (phishing)
  • Component with Known Vulnerability (pickle)
  • Denial of Service (memory)

Official repository

https://github.com/stamparm/DSVW