Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

Damn Vulnerable Web Services

NOTE: This project is out of date; please use https://github.com/snoopysecurity/dvws-node instead.

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities. The aim of this project is to help security professionals learn about Web Application Security through the use of a practical lab environment.

This application includes the following vulnerabilities.

  • WSDL Enumeration
  • XML External Entity Injection
  • XML Bomb Denial-of-Service
  • XPATH Injection
  • WSDL Scanning
  • Cross-Site Tracing
  • OS Command Injection
  • Server Side Request Forgery
  • REST API SQL Injection
  • Same Origin Method Execution
  • JSON Web Token (JWT) Secret Key Brute Force
  • Cross-Origin Resource Sharing

Instructions

DVWS can be used with a XAMPP setup. XAMPP is a free and open source cross-platform web server solution which mainly consists of an Apache Web Server and MySQL database. To set up, download and install XAMPP first. Next, download the dvws folder and copy it to your htdocs directory. Lastly, set up or reset the database by going to http://localhost/dvws/instructions.php

Note: PHP 5.5.38 is required for most of the exercises to work correctly.

Disclaimer

Do not host this application in a live or production environment.

Copyright

This work is licensed under the GNU GENERAL PUBLIC LICENSE Version 3. To view a copy of this license, visit http://www.gnu.org/licenses/gpl-3.0.txt

To Do list

  • JSON Hijacking
  • SOAP Injection
  • XML Injection
Comments
  • XXE Vulnerability

    Hi,

    As mentioned by you, there are not many practical environments available for hacking web services, I am glad you created dvws.

    I am trying to exploit XXE, and tried different payloads. It's not working. Below are the request and the payloads which I tried.

    POST /dvws/vulnerabilities/xxe/ HTTP/1.1
    Host: 192.168.2.2
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.2.2/dvws/vulnerabilities/xxe/
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 84

    ]>

    name=&xxe;

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    And I tried to include just the entity; even this does not work.

    ]>

    name=&xxe;

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    I tried xml tag too, no luck.

    ]>

    name=&xxe;

    opened by prvnkumark 6
  • Integration of OpenAPI specification or document for vulnerable endpoints.

    Thanks for this very useful tool. I would like to recommend integration of a feature. Since there is already a WADL component, how about defining a document that contains the vulnerable endpoints in DVWS? A possible standard could be using the Open API (formerly Swagger). The OpenAPI is getting popular and its inclusion could be a very useful functionality for REST security testing. Cheers!

    enhancement 
    opened by SyCode7 2
  • REST API SQL Injection is broken

    REST API SQL Injection is broken. When "/dvws/vulnerabilities/sqli/api.php/users/2" is called it returns "Fatal error: Uncaught Error: Call to undefined function mysql_connect()"

    opened by vishrantkhanna 1
  • $id not defined

    This might be deliberate but $id is not defined in dvws/vulnerabilities/wsdlenum/functions.php if a username is passed that isn't in the $details array.

    This is what gets returned:

    <br />
    <b>Notice</b>:  Undefined variable: id in <b>/var/sites/dvws/secure/htdocs/dvws/vulnerabilities/wsdlenum/functions.php</b> on line <b>36</b><br />
    <?xml version="1.0" encoding="ISO-8859-1"?><SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:check_user_idResponse xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/"><return xsi:nil="true" xsi:type="xsd:string"/></ns1:check_user_idResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>  
    
    opened by digininja 1
  • Major bugfixes, 3 new vulnerabilities, description rewrite

    • SSRF vulnerability rewritten
    • WSDL function name rewritten, added base-name to all links
    • New vulnerabilities added: JWT brute force, Cross-Origin Resource Sharing, Same Origin Method Execution.
    • Vulnerability description rewritten

    Resolves: #3 Resolves: #4

    opened by snoopysecurity 0
Owner
Sam Sanoop