- Learning Web Application Security (hacking) with DVWA on Linux

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

DO NOT USE THIS ON A LIVE ENVIRONMENT

In its latest release (version 1.0.6), it has the following vulnerabilities :
  * SQL Injection
  * XSS Stored/Reflected
  * LFI (Local File Inclusion)
  * RFI (Remote File Inclusion)
  * Command Execution
  * Upload Script
  * Login Brute Force
  * Full Path Disclosure
  * PHP-IDS
And much more...

Installation:
Download the latest version - here
Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php
Default username = admin
Default password = password
Database Setup
To set up the database, simply click on the Setup button in the main menu, then click on the ’Create / Reset Database’ button. This will create / reset the database for you with some data in.

If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php
$_DVWA[ 'db_user' ] = 'your_database_username';
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';
More information, Official Web Site: DVWA

Disclaimer
We do not take responsibility for the way in which any one uses Damn Vulnerable Web App (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.


source:http://linuxpoison.blogspot.com/2010/04/135781677512012.html