Skip to main content


Showing posts from September, 2011

Command Execution on DVWA

So, the other day, I started delving into webappsec and I hit a bummer very soon and hence this post.
Getting started in webappsec is not that hard actually, there are tons of resources for that, just Google it.
I think the best way to learn something is by doing it actually. There are many "vulnerable by design" distros and live sites to practice web application hacking.
In this post I am going to write about DVWA and Command Execution vulnerability which is present in it and how to exploit it.
This being the first post regarding DVWA, I will start with the setup and tools required for this part. Lets get started!