XSS/CSRF Challenges
These challenges are set in a Text-Based 'MM'ORPG Game based off Mccode Lite Game Engine (GPL)
USES DEPRECATED PHP5 MYSQL EXTENSION. Will be fixed when I have the time for it. Meanwhile use on computer with PHP5?
Challenges:
Challenge 1: Basic CSRF
Challenge 2: XSS - thinking outside the box
Challenge 3: CSRF - trick an admin into upgrading your account to admin status.
Challenge 4: XSS via BBCode parser, steal admin's cookies
Challenge 5: XSS - creating a xss javascript worm
Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.