神刀安全网

HackMe – XSS/CSRF Challenges

XSS/CSRF Challenges

These challenges are set in a text-based ‘MM’ORPG game built on the Mccode Lite game engine (GPL).

Deploy to your own Heroku instance with the button below, then complete the challenges!


*NOTE – if you get an error while deploying, wait 60 seconds and try again. The PhantomJS buildpack used in this deploy fails intermittently on build when Heroku has trouble establishing a connection to Bitbucket, but it’s always worked for me after a couple of tries.

Challenges:

Challenge 1: Basic CSRF

Challenge 2: XSS – thinking outside the box

Challenge 3: CSRF – trick an admin into upgrading your account to admin status.

Challenge 4: XSS via BBCode parser, steal admin’s cookies

Challenge 5: XSS – creating an XSS JavaScript worm

Note that useful information for testing and debugging is logged to the Papertrail app in your Heroku instance. Open Papertrail to view the streaming logs.
