XSS/CSRF Challenges

These challenges are set in a Text-Based 'MM'ORPG Game based off Mccode Lite Game Engine (GPL)

Deploy to your own Heroku instance with this button below, then complete the challenges!

*NOTE - if you get an error while deploying, wait 60 seconds and try again. The phantomjs buildpack used in this deploy fails intermittently on build when heroku has trouble establishing a connection to bitbucket, but it's always worked for me after a couple tries.

Challenges:

Challenge 1: Basic CSRF

Challenge 2: XSS - thinking outside the box

Challenge 3: CSRF - trick an admin into upgrading your account to admin status.

Challenge 4: XSS via BBCode parser, steal admin's cookies

Challenge 5: XSS - creating a xss javascript worm

Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.

Name		Name	Last commit message	Last commit date
Latest commit History 77 Commits
challenges		challenges
crons		crons
css		css
ipbans		ipbans
js		js
.gitignore		.gitignore
README.md		README.md
ad.php		ad.php
admin.news		admin.news
advsearch.php		advsearch.php
app.json		app.json
attack.php		attack.php
attackhosp.php		attackhosp.php
attackleave.php		attackleave.php
attacklost.php		attacklost.php
attackmug.php		attackmug.php
attackwon.php		attackwon.php
authenticate.php		authenticate.php
bank.php		bank.php
banner.jpg		banner.jpg
banner1.jpg		banner1.jpg
bargreen.gif		bargreen.gif
barred.gif		barred.gif
battletent.php		battletent.php
bbcoder_adv.php		bbcoder_adv.php
blacklist.php		blacklist.php
cmarket.php		cmarket.php
composer.json		composer.json
composer.lock		composer.lock
criminal.php		criminal.php
crystaltemple.php		crystaltemple.php
cyberbank.php		cyberbank.php
dbdata.sql		dbdata.sql
dlarchive.php		dlarchive.php
docrime.php		docrime.php
donator.gif		donator.gif
donator.php		donator.php
donatordone.php		donatordone.php
education.php		education.php
estate.php		estate.php
events.php		events.php
explore.php		explore.php
fake_admin_browser.js		fake_admin_browser.js
fedjail.php		fedjail.php
friendslist.php		friendslist.php
gamerules.php		gamerules.php
generalpage.php		generalpage.php
global_func.php		global_func.php
gym.php		gym.php
halloffame.php		halloffame.php
header.php		header.php
helptutorial.php		helptutorial.php
hirespy.php		hirespy.php
hospital.php		hospital.php
imadd.php		imadd.php
index.php		index.php
inventory.php		inventory.php
itembuy.php		itembuy.php
iteminfo.php		iteminfo.php
itemmarket.php		itemmarket.php
itemsell.php		itemsell.php
itemsend.php		itemsend.php
itemuse.php		itemuse.php
jailuser.php		jailuser.php
loggedin.php		loggedin.php
login.php		login.php
logo.gif		logo.gif
logo.png		logo.png
logout.php		logout.php
mailban.php		mailban.php
mailbox.php		mailbox.php
mainmenu.php		mainmenu.php
monopaper.php		monopaper.php
monorail.php		monorail.php
mysql.php		mysql.php
new_staff.php		new_staff.php
new_staff_actions.php		new_staff_actions.php
number.php		number.php
oclog.php		oclog.php
preferences.php		preferences.php
preferences_c2.php		preferences_c2.php
preport.php		preport.php
register.php		register.php
roulette.php		roulette.php
search.php		search.php
searchname.php		searchname.php
sendcash.php		sendcash.php
setup_mysql.php		setup_mysql.php
shops.php		shops.php
slotsmachine.php		slotsmachine.php
slotsmachine2.php		slotsmachine2.php
slotsmachine3.php		slotsmachine3.php
stafflist.php		stafflist.php
staffnotes.php		staffnotes.php
stats.php		stats.php
trigger_fake_admin.php		trigger_fake_admin.php
userlist.php		userlist.php
usersonline.php		usersonline.php
viewuser.php		viewuser.php
votetrpg.php		votetrpg.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

XSS/CSRF Challenges

Challenges:

About

Releases

Packages

Languages

breakthenet/HackMe-XSS-CSRF-Challenges

Folders and files

Latest commit

History

Repository files navigation

XSS/CSRF Challenges

Challenges:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages