DVWA v1.0.6 has been released. The changes are mainly bug fixes and a couple of tweaks here and there.

‘

Changelog:

Fixed a bug where the logo would not show on first time use. 03/09/2009 (ethicalhack3r)
Removed ‘current password’ input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)
Added an article which was written for OWASP Turkey. 03/10/2009 (ethicalhack3r)
Added more toubleshooting information. 02/10/2009 (ethicalhack3r)
Stored XSS high now sanitises output. 02/10/2009 (ethicalhack3r)
Fixed a ‘bug’ in XSS stored low which made it not vulnerable. 02/10/2009 (ethicalhack3r)
Rewritten command execution high to use a whitelist. 30/09/09 (ethicalhack3r)
Fixed a command execution vulnerability in exec high. 17/09/09 (ethicalhack3r)
Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (ethicalhack3r)
Added the upload directory to the upload help. 17/09/09 (ethicalhack3r)

‘
Download