SQL Injection Challenges

These challenges are set in a Text-Based 'MM'ORPG Game based off Mccode Lite Game Engine (GPL)

Deploy to your own Heroku instance with this button below, then complete the challenges!

Challenges:

Challenge 1: Basic SQL Injection, modifying a query to behave other than intended.

Challenge 2: Taking it a step further and exploring subquery usage in SQL Injection

Challenge 3: Using subquery on different table to extract admin login credentials

Challenge 4: Exploring how to bypass some types of input filtering by obsfucation

Challenge 5: Exploring additional non-standard forms of user-input to achieve sql-injection

Challenge 6: Automating much of the process with existing tools, as well as seeing what's possible when a sql injection is uncovered.

Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
challenges		challenges
crons		crons
css		css
ipbans		ipbans
js		js
README.md		README.md
ad.php		ad.php
admin.news		admin.news
advsearch.php		advsearch.php
app.json		app.json
attack.php		attack.php
attackhosp.php		attackhosp.php
attackleave.php		attackleave.php
attacklost.php		attacklost.php
attackmug.php		attackmug.php
attackwon.php		attackwon.php
authenticate.php		authenticate.php
bank.php		bank.php
banner.jpg		banner.jpg
banner1.jpg		banner1.jpg
bargreen.gif		bargreen.gif
barred.gif		barred.gif
battletent.php		battletent.php
blacklist.php		blacklist.php
cmarket.php		cmarket.php
composer.json		composer.json
composer.lock		composer.lock
criminal.php		criminal.php
crystaltemple.php		crystaltemple.php
cyberbank.php		cyberbank.php
dbdata.sql		dbdata.sql
dlarchive.php		dlarchive.php
docrime.php		docrime.php
donator.gif		donator.gif
donator.php		donator.php
donatordone.php		donatordone.php
education.php		education.php
estate.php		estate.php
events.php		events.php
explore.php		explore.php
fedjail.php		fedjail.php
friendslist.php		friendslist.php
gamerules.php		gamerules.php
generalpage.php		generalpage.php
global_func.php		global_func.php
gym.php		gym.php
halloffame.php		halloffame.php
header.php		header.php
helptutorial.php		helptutorial.php
hirespy.php		hirespy.php
hospital.php		hospital.php
imadd.php		imadd.php
index.php		index.php
inventory.php		inventory.php
itembuy.php		itembuy.php
iteminfo.php		iteminfo.php
itemmarket.php		itemmarket.php
itemsell.php		itemsell.php
itemsend.php		itemsend.php
itemuse.php		itemuse.php
jailuser.php		jailuser.php
loggedin.php		loggedin.php
login.php		login.php
logo.gif		logo.gif
logo.png		logo.png
logout.php		logout.php
mailban.php		mailban.php
mailbox.php		mailbox.php
mainmenu.php		mainmenu.php
monopaper.php		monopaper.php
monorail.php		monorail.php
mysql.php		mysql.php
new_staff.php		new_staff.php
new_staff_actions.php		new_staff_actions.php
number.php		number.php
oclog.php		oclog.php
preferences.php		preferences.php
preport.php		preport.php
register.php		register.php
roulette.php		roulette.php
search.php		search.php
searchname.php		searchname.php
sendcash.php		sendcash.php
setup_mysql.php		setup_mysql.php
shops.php		shops.php
slotsmachine.php		slotsmachine.php
slotsmachine2.php		slotsmachine2.php
slotsmachine3.php		slotsmachine3.php
stafflist.php		stafflist.php
staffnotes.php		staffnotes.php
stats.php		stats.php
userlist.php		userlist.php
usersonline.php		usersonline.php
viewuser.php		viewuser.php
votetrpg.php		votetrpg.php
votetwg.php		votetwg.php
voting.php		voting.php
willpdone.php		willpdone.php
willpotion.php		willpotion.php

0x6b7966/HackMe-SQL-Injection-Challenges

Folders and files

Latest commit

History