OscarYR/DVWA_Writeups

DVWA Web Application Write-Ups

This repository contains a series of my writeups for DVWA (Damn Vulnerable Web Application), a deliberately vulnerable PHP/MySQL web application used to practice and learn common web security vulnerabilities.

These walkthroughs were done in a lab environment using:

  • Kali Linux as the attacking machine
  • Both a self-hosted DVWA instance and the DVWA bundled with Metasploitable 2 as targets

💡 What Each Writeup Covers

Each writeup contains:

  • Step-by-step exploitation
  • Tool usage
  • Screenshots
  • Observations across Low, Medium, and High difficulty levels
  • Skills and techniques learned

📁 Writeups So Far

| Challenge | Difficulty | Status |
|---|---|---|
| Brute Force | Low / Medium / High | ✅ Completed |
| Command Execution | Low / Medium / High | ✅ Completed |
| Cross Site Request Forgery | Low / Medium / High | ✅ Completed |
| File Inclusion | Low / Medium / High | ✅ Completed |
| File Upload | Low / Medium / High | ✅ Completed |
| Insecure CAPTCHA | Low / Medium / High | ✅ Completed |
| SQL Injection | Low / Medium / High | ✅ Completed |
| Blind SQL Injection | Low / Medium / High | ✅ Completed |
| Weak Session IDs | Low / Medium / High | ✅ Completed |
| DOM XSS | Low / Medium / High | ✅ Completed |
| Reflected XSS | Low / Medium / High | ✅ Completed |
| Stored XSS | Low / Medium / High | ✅ Completed |
| CSP Bypass | Low / Medium / High | ✅ Completed |
| JavaScript | Low / Medium / High | ✅ Completed |
| Authentication Bypass | Low / Medium / High | ✅ Completed |
| Open HTTP Redirect | Low / Medium / High | ✅ Completed |
| Cryptography Problems | Low / Medium / High | ✅ Completed |
| API Security | Low / Medium / High | ✅ Completed |

🧠 Skills Learned

  • Exploitation of common web vulnerabilities (e.g., SQLi, XSS, CSRF, File Inclusion) across different difficulty levels with hands-on testing
  • Manual and automated testing using Burp Suite, including request manipulation with the Proxy, Repeater, and Intruder tools
  • Client-side and server-side analysis using browser developer tools and JavaScript debugging to uncover hidden logic or bypasses
  • Enumeration and abuse of misconfigured APIs and cryptographic implementations, including IDORs, insecure JWTs, and padding oracles
  • Practical understanding of real-world attack chains, from reconnaissance to privilege escalation and persistence
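The padding-oracle item in the list above is the least obvious of these techniques, so here is a stand-alone illustration of why a "valid padding / invalid padding" response is enough to decrypt CBC ciphertext without the key. This is an added example, not code from the writeups or from DVWA; it uses a constructed toy Feistel block cipher in place of AES (the attack never looks inside the cipher, only at the oracle), and the key, IV and plaintext are made-up demo values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, the same as AES-CBC

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Toy block cipher (constructed stand-in for AES; NOT secure, NOT DVWA's code).
# A 4-round Feistel network with an HMAC round function is invertible and short.
def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round_fn(key, r, i))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, l, i)), l
    return l + r

# PKCS#7 padding and CBC mode.
def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

# The vulnerable server side: answering "was the padding valid?" is the leak.
def make_oracle(key: bytes):
    def oracle(iv: bytes, ct: bytes) -> bool:
        try:
            pkcs7_unpad(cbc_decrypt(key, iv, ct))
            return True
        except ValueError:
            return False
    return oracle

# The attack: recover plaintext with no key, one byte at a time, last byte first.
def padding_oracle_decrypt(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    recovered = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)            # D_key(target), learned byte by byte
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):  # force known bytes to decrypt to the pad value
                forged[j] = inter[j] ^ pad
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged), target):
                    continue
                if pos == BLOCK - 1:         # rule out an accidental 0x02 0x02 (etc.) hit
                    forged[pos - 1] ^= 0xFF
                    still_valid = oracle(bytes(forged), target)
                    forged[pos - 1] ^= 0xFF
                    if not still_valid:
                        continue
                inter[pos] = guess ^ pad     # plaintext' byte == pad, so D(target) byte = guess ^ pad
                break
            else:
                raise RuntimeError("oracle never accepted any padding; not a padding oracle?")
        recovered += _xor(bytes(inter), prev)  # plaintext block = D_key(target) XOR previous block
    return recovered

# Constructed demo inputs (not real DVWA data).
DEMO_KEY = b"demo-key-not-secret!"
DEMO_IV = bytes(range(BLOCK))
DEMO_PLAINTEXT = b"Hello DVWA, padding oracles leak plaintext byte by byte"

def demo() -> bytes:
    ciphertext = cbc_encrypt(DEMO_KEY, DEMO_IV, pkcs7_pad(DEMO_PLAINTEXT))
    return pkcs7_unpad(padding_oracle_decrypt(make_oracle(DEMO_KEY), DEMO_IV, ciphertext))
```

Running `demo()` recovers `DEMO_PLAINTEXT` from the ciphertext using only the oracle's yes/no answers: at most 256 queries per byte, plus one extra query per block to rule out a false positive on the last byte. The fix on the server side is the same for any cipher: authenticate the ciphertext (an AEAD mode, or encrypt-then-MAC) and verify the tag before touching the padding, so invalid and tampered inputs produce one indistinguishable error.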

📚 Resources


📌 Notes

  • All activities were performed in a safe lab environment
  • Educational purposes only
