File Upload Challenges

These challenges are set in a Text-Based 'MM'ORPG Game based off Mccode Lite Game Engine (GPL)

Deploy to your own Heroku instance with this button below, then complete the challenges!

For each challenge, you have 'beat' it if you can successfully get php code you wrote to run on the server. A quick and easy test script would look like this:

Challenges:

Challenge 1: File extension validation

Challenge 2: Mime types client-side

Challenge 3: Mime types & image validation server-side

Challenge 4: More strict file extension validation

Challenge 5: Combo attack with local file inclusion

Challenge 6: Seeing what's possible with file upload (such as php web shells).

Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
challenges		challenges
crons		crons
css		css
ipbans		ipbans
js		js
README.md		README.md
ad.php		ad.php
admin.news		admin.news
advsearch.php		advsearch.php
app.json		app.json
attack.php		attack.php
attackhosp.php		attackhosp.php
attackleave.php		attackleave.php
attacklost.php		attacklost.php
attackmug.php		attackmug.php
attackwon.php		attackwon.php
authenticate.php		authenticate.php
bank.php		bank.php
banner.jpg		banner.jpg
banner1.jpg		banner1.jpg
bargreen.gif		bargreen.gif
barred.gif		barred.gif
battletent.php		battletent.php
blacklist.php		blacklist.php
cmarket.php		cmarket.php
composer.json		composer.json
composer.lock		composer.lock
criminal.php		criminal.php
crystaltemple.php		crystaltemple.php
cyberbank.php		cyberbank.php
dbdata.sql		dbdata.sql
dlarchive.php		dlarchive.php
docrime.php		docrime.php
donator.gif		donator.gif
donator.php		donator.php
donatordone.php		donatordone.php
education.php		education.php
estate.php		estate.php
events.php		events.php
explore.php		explore.php
fedjail.php		fedjail.php
friendslist.php		friendslist.php
gamerules.php		gamerules.php
generalpage.php		generalpage.php
global_func.php		global_func.php
gym.php		gym.php
halloffame.php		halloffame.php
header.php		header.php
helptutorial.php		helptutorial.php
hirespy.php		hirespy.php
hospital.php		hospital.php
imadd.php		imadd.php
index.php		index.php
inventory.php		inventory.php
itembuy.php		itembuy.php
iteminfo.php		iteminfo.php
itemmarket.php		itemmarket.php
itemsell.php		itemsell.php
itemsend.php		itemsend.php
itemuse.php		itemuse.php
jailuser.php		jailuser.php
loggedin.php		loggedin.php
login.php		login.php
logo.gif		logo.gif
logo.png		logo.png
logout.php		logout.php
mailban.php		mailban.php
mailbox.php		mailbox.php
mainmenu.php		mainmenu.php
monopaper.php		monopaper.php
monorail.php		monorail.php
mysql.php		mysql.php
new_staff.php		new_staff.php
new_staff_actions.php		new_staff_actions.php
number.php		number.php
oclog.php		oclog.php
page_loader.php		page_loader.php
preferences.php		preferences.php
preferences_c1.php		preferences_c1.php
preferences_c2.php		preferences_c2.php
preferences_c3.php		preferences_c3.php
preferences_c4.php		preferences_c4.php
preferences_c5.php		preferences_c5.php
preferences_c5_changepic.php		preferences_c5_changepic.php
preport.php		preport.php
register.php		register.php
roulette.php		roulette.php
search.php		search.php
searchname.php		searchname.php
sendcash.php		sendcash.php
setup_mysql.php		setup_mysql.php
shops.php		shops.php
slotsmachine.php		slotsmachine.php
slotsmachine2.php		slotsmachine2.php
slotsmachine3.php		slotsmachine3.php
stafflist.php		stafflist.php
staffnotes.php		staffnotes.php
stats.php		stats.php
userlist.php		userlist.php
usersonline.php		usersonline.php

Arditc/file-upload-exercises

Folders and files

Latest commit

History