12DVGA靶场

## 一、概述

DVGA（Damn Vulnerable GraphQL Application）

## 二、安装

```dockerfile
# Pull the docker image from Docker Hub
docker pull dolevf/dvga

# Create a container from the image
docker run -t -p 5013:5013⁠ -e WEB_HOST=0.0.0.0 dolevf/dvga
```

![image-20250815160250432](https://oss.maolin101.com/image-20250815160250432.png-101.webp)

## 三、靶场练习

### 3.1 SSRF

1、在【Import Paste】模块中，发现可以导入第三方URL，在输入第三方链接之后进行抓包。

![image-20250815160503214](https://oss.maolin101.com/image-20250815160503214.png-101.webp)

2、发送到repeater模块中分析参数，

输入的链接是

```txt
https://maolin101.com/archives/dockeran-zhuang
```

猜测参数：

- host：链接的域名
- port：端口
- path：路径
- scheme：协议

3、发包

![image-20250815160843830](https://oss.maolin101.com/image-20250815160843830.png-101.webp)

### 3.2 命令注入

![image-20250815162905058](https://oss.maolin101.com/image-20250815162905058.png-101.webp)

### 3.3 XSS

![image-20250815163233845](https://oss.maolin101.com/image-20250815163233845.png-101.webp)

![image-20250815163215020](https://oss.maolin101.com/image-20250815163215020.png-101.webp)

### 3.4 任意文件读取

![image-20250815163456881](https://oss.maolin101.com/image-20250815163456881.png-101.webp)

![image-20250815163557510](https://oss.maolin101.com/image-20250815163557510.png-101.webp)

![image-20250815163635680](https://oss.maolin101.com/image-20250815163635680.png-101.webp)