Thanks for the feedback!

Ive taken your comments into consideration and implemented most of them! 

I have formatted the source code so that it is easyer to read.

Added MD5 encryption to the password's that get inserted into the 'users' table, so when exploiting the SQL injection one can retrive them and crack them.

Im thinking of adding a 'Tools:' section under 'More info:' to add links to commonly used tools for each vulnerability.

Thanks again!!

Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.

WARNING!
Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.

I do not take responsibility for the way in which any one uses this application. I have made the purposes of the application clear and it should not be used maliciously.

Version: BETA

http://www.ethicalhack3r.co.uk/

I would really apretiate some feedback! 

I use vmware and a stand alone machine that I keep swapping OS's on. At the minute it has windows 2000 sp0.

You can use Metasploit's meterpreter payload to either drop the machines NTLM hashes then crack them or upload a local exploit and execute it.

I posted about meterpreter recently on my personal blog.

http://www.ethicalhack3r.co.uk