Damn Vulnerable Web Services: A Vulnerable Testing Environment
Damn Vulnerable Web Services is a vulnerable testing environment. Damn Vulnerable Web Services can be used to learn real world web service vulnerabilities.
Aim of the Damn Vulnerable Web Services:
- To aid security professionals in testing their skills.
- To test their tools in a legal environment.
Following are the vulnerabilities which are exploited by this applications.
- REST API SQL Injection
- WSDL Scanning
- Server Side Request Forgery
- Cross Site-Tracing
- OS Command Injection
- XML External Entity Injection
- XPATH Injection
- XML Bomb Denial-of-Service
XAMPP setup is used with the DVWS, which is afree and open source cross-platform web server solution. XAMPP is consists of MySQL database and Apache Web Server. To setup, download and install the XAMPP setup first. After that you have to download the dvws folder and copy the folder to your htdocs directory. Whatever the Lastly, Setup or reset the database by going to http://localhost/dvws/about/instructions.php
Note: Due to the compatibility issue may be some vulnerabilities such as Command Injection might not work.
The disclaimer is that this application should not be hosted on live or production environment.
Licensed is under GNU GENERAL PUBLIC LICENSE Version 3.
To view a copy of this license, you can also visit through this link (http://www.gnu.org/licenses/gpl-3.0.txt)
To do list:
- XML Injection
- SOAP Injection
- JSON Hijacking