Damn Vulnerable Web Application (DVWA)

From Alpine Linux
Revision as of 09:42, 13 January 2013 by Fab (talk | contribs)
Jump to: navigation, search

For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.

Install lighttpd, PHP, and MySql

For installing the additional packages first activate community packages:

vi /etc/apk/repositories

Uncomment the following:


Update the packagelist:

apk update

Install the additional packages:

apk add lighttpd php7-common php7-session php7-iconv php7-json php7-gd php7-curl php7-xml php7-mysqli php7-imap php7-cgi fcgi php7-pdo php7-pdo_mysql php7-soap php7-xmlrpc php7-posix php7-mcrypt php7-gettext php7-ldap php7-ctype php7-dom

Configure Lighttpd

Edit lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

Uncomment line:

include "mod_fastcgi.conf"

Start lighttpd service and add to needed runlevel

rc-service lighttpd start && rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client

Installing and configuring Piwik

Create the a folder named webapps

mkdir -p /usr/share/webapps/

Download the source archive and unpack it

cd /usr/share/webapps/ wget http://dvwa.googlecode.com/files/DVWA-1.0.7.zip

Unpack the archive and remove it

unzip DVWA-1.0.7.zip rm DVWA-1.0.7.zip

Change the folder permissions

chmod -R 777 /usr/share/webapps/

Create a symlinks to the folder dvwa

ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa

Configuration and start MySql

/usr/bin/mysql_install_db --user=mysql /etc/init.d/mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'

Modify the database credentials within DVWA configuration file /config/config.inc.php

nano -w /usr/share/webapps/dvwa/config/config.inc.php

To complete the setup, browse to the DVWA directory on the webserver.


Follow the link to setup the database.