File Upload Exercises
A Text-Based MMORPG Game based off Mccode Lite (GPL)
Deploy to your own Heroku instance with this button below, then complete the challenges!
For each challenge, you have ‘beat’ it if you can successfully get php code you wrote to run on the server. A quick and easy test script would look like this: <?php phpinfo(); ?>
Challenge 1: File extension validation
Challenge 2: Mime types client-side
Challenge 3: Mime types & image validation server-side
Challenge 4: More strict file extension validation
Challenge 5: Combo attack with local file inclusion
Challenge 6: Seeing what’s possible with file upload (such as php web shells).
Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.