【笔记】DVWA环境部署

发表于 更新于 阅读次数:

前言

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.(Github

准备工作

  • 下载项目
1
git clone https://github.com/digininja/DVWA.git
  • Apache环境
  • PHP环境
  • Mysql环境

phpStudy 2016 集成环境

部署环境

  • 移动DVWA目录到phpStudy/WWW/目录下

第一步配置

  • 访问http://localhost/DVWA/,此时会报错:DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment.

原因

  • 没有添加配置文件

解决问题

  • 将配置文件复制一份,并将后缀名改为.php
1
2
cd phpStudy\WWW\DVWA\
copy .\config\config.inc.php.dist .\config\config.inc.php

第二步配置

  • 修改配置文件中Mysql相关配置
/phpStudy/WWW/DVWA/config/config.inc.php
1
2
3
4
5
6
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = 'root';
$_DVWA[ 'db_port'] = '3306';

第三步配置

  • 访问http://localhost/DVWA/,此时会进入初始化页面,将报红的PHP配置修改一下

  • 例如我这里PHP function allow_url_include配置报红Disabled

解决问题

  • 修改配置文件806行,改为On
/php/php.ini
1
allow_url_include = On

第四步配置

  • 访问http://localhost/DVWA/,此时会进入初始化页面,此时所有报红问题已解决,点击Create / Reset Database创建数据库

登录

  • 环境部署完成

username:admin
password:password

完成

  • 截图纪念

参考文献

哔哩哔哩——千锋网络安