These challenges are set in a text-based ‘MM’ORPG game built on the Mccode Lite game engine (GPL).
Deploy to your own Heroku instance with the button below, then complete the challenges!
*NOTE – if you get an error while deploying, wait 60 seconds and try again. The PhantomJS buildpack used in this deploy fails intermittently on build when Heroku has trouble establishing a connection to Bitbucket, but it’s always worked for me after a couple of tries.
Challenge 1: Basic CSRF
Challenge 2: XSS – thinking outside the box
Challenge 3: CSRF – trick an admin into upgrading your account to admin status.
Challenge 4: XSS via BBCode parser, steal admin’s cookies
Note that useful information for testing and debugging will be logged to the Papertrail app in your Heroku instance. Open Papertrail to view those streaming logs.