Hack your friend's online MMORPG game - specific focus, SQL injection opportunities
challenges
crons
css
ipbans
js
README.md
ad.php
admin.news
advsearch.php
app.json
attack.php
attackhosp.php
attackleave.php
attacklost.php
attackmug.php
attackwon.php
authenticate.php
bank.php
banner.jpg
banner1.jpg
bargreen.gif
barred.gif
battletent.php
blacklist.php
cmarket.php
composer.json
composer.lock
criminal.php
crystaltemple.php
cyberbank.php
dbdata.sql
dlarchive.php
docrime.php
donator.gif
donator.php
donatordone.php
education.php
estate.php
events.php
explore.php
fedjail.php
friendslist.php
gamerules.php
generalpage.php
global_func.php
gym.php
halloffame.php
header.php
helptutorial.php
hirespy.php
hospital.php
imadd.php
index.php
inventory.php
itembuy.php
iteminfo.php
itemmarket.php
itemsell.php
itemsend.php
itemuse.php
jailuser.php
loggedin.php
login.php
logo.gif
logo.png
logout.php
mailban.php
mailbox.php
mainmenu.php
monopaper.php
monorail.php
mysql.php
new_staff.php
new_staff_actions.php
number.php
oclog.php
preferences.php
preport.php
register.php
roulette.php
search.php
searchname.php
sendcash.php
setup_mysql.php
shops.php
slotsmachine.php
slotsmachine2.php
slotsmachine3.php
stafflist.php
staffnotes.php
stats.php
userlist.php
usersonline.php
viewuser.php
votetrpg.php
votetwg.php
voting.php
willpdone.php
willpotion.php

README.md

SQL Injection Challenges

These challenges are set in a text-based 'MM'ORPG game based on the Mccode Lite Game Engine (GPL).

Deploy to your own Heroku instance with the button below, then complete the challenges!

Deploy

Challenges:

Challenge 1: Basic SQL injection, modifying a query to behave other than intended.

Challenge 2: Taking it a step further and exploring subquery usage in SQL injection.

Challenge 3: Using a subquery on a different table to extract admin login credentials.

Challenge 4: Exploring how to bypass some types of input filtering by obfuscation.

Challenge 5: Exploring additional non-standard forms of user input to achieve SQL injection.

Challenge 6: Automating much of the process with existing tools, as well as seeing what's possible when a SQL injection is uncovered.


Note that useful information for testing and debugging will be logged to the Papertrail app in your Heroku instance. Open Papertrail to view those streaming logs.