I want to share with you an important fix for the pre-installed Mutillidae on the Metasploitable virtual machine. You’re going to face some issues if you try to pen-test the mutillidae website. To fix the issue you need to log into the metasploitable machine and open the configuration file of the mutillidae website located at the following path:
/var/www/mutillidae/config.inc (use nano or vim, you may need to use the sudo).
Change the dbname field from metasploit to owasp10
Hope that this tip will help.