Releases: digininja/DVWA

Cryptography Module

23 Sep 10:27
947d5d3

The new crypto module has been merged into the main branch.

Container Support

11 Jun 11:39
34a10d4

Easy built-in support for containers by @hoang-himself.

cookies on non-standard port

22 Mar 11:18
97c8d23

Fixed a bug where the session cookie would not be set correctly if the web server was running on a non-standard port.

Open HTTP Redirect

10 Mar 14:20
897fb0f

A new Open HTTP Redirect vulnerability has been added.

Removed PHP IDS

10 Mar 15:05

Was never used so removed it.

Authorisation Bypass

29 Jan 21:36
3663d72

Merging in the new Authorisation Bypass module

Moved from Pastebin to Hastebin for CSP low

13 Sep 15:00

Pastebin are now adding a nosniff header so moved to Hastebin for the low level CSP lab.

Also fixed some broken links.

A fresh start

05 Aug 15:43
827fdd0

There hasn't been a release for a very long time, so this one brings the last 5 years together into a big release.

v1.9

05 Oct 07:53
  • Added a dedicated objective (or "flag") for file include. (@g0tmi1k)
  • Added a warning to any module that requires a certain configuration. (@g0tmi1k)
  • Added comments to all source code that would be visible via DVWA modules. (@g0tmi1k)
  • Added CSRF token to pre-auth forms (login/setup/security pages). (@g0tmi1k + @Shinkurt)
  • Added HttpOnly cookie flag on impossible levels. (@g0tmi1k)
  • Added more detail to the documentation. (@g0tmi1k)
  • Added PDO to all impossible levels requiring MySQL. (@g0tmi1k)
  • Added PHPIDS options into the config file. (@g0tmi1k)
  • Added system check to setup. (@g0tmi1k)
  • Added various information to all help pages for every module. (@g0tmi1k)
  • Changed brute force medium to be harder due to sleep. (@g0tmi1k)
  • Changed file include landing page + added 3x example pages. (@g0tmi1k)
  • Changed file include medium to be harder due to more filters. (@g0tmi1k)
  • Changed HTTP REFERER check for medium level CSRF. (@g0tmi1k)
  • Changed input box for medium level with SQLi + SQLi Blind. (@g0tmi1k)
  • Changed SQLi + SQLi Blind to be $_POST rather than $_GET. (@g0tmi1k)
  • Changed SQLi Blind to be a real example of the vulnerability. (@g0tmi1k)
  • Fixed brute force and file upload impossible levels, as they were vulnerable. (@g0tmi1k + @Shinkurt)
  • Fixed bug with file include page not loading. (@g0tmi1k)
  • Fixed CAPTCHA bug to read URL parameters on impossible. (@g0tmi1k)
  • Fixed CAPTCHA bug where the form wouldn't be visible. (@g0tmi1k)
  • Fixed CAPTCHA bug where the URL parameters were not being used for low + medium. (@g0tmi1k)
  • Fixed CSRF medium level bug when not on localhost. (@g0tmi1k)
  • Fixed setup bug with custom URL path. (@g0tmi1k)
  • Removed PostgreSQL DB support. (@g0tmi1k)
  • Renamed 'Command Execution' to 'Command Injection'. (@g0tmi1k)
  • Renamed 'high' level to 'impossible' and created new vectors for 'high'. (@g0tmi1k)
  • Updated README and documentation. (@g0tmi1k)
  • Various code cleanups in the core PHP files+CSS. (@g0tmi1k)
  • Various setup improvements (e.g. redirection + limited menu links). (@g0tmi1k)