Pen test your "friend's" online MMORPG game - specific focus, SQL injection opportunities
  1. PHP 98.9%
  2. Other 1.1%
Files

Type Name Latest commit message Commit time
challenges Update challenge_3.md Apr 2, 2016
crons
css init Mar 26, 2016
ipbans init Mar 26, 2016
js
README.md Update README.md Apr 1, 2016
ad.php init Mar 26, 2016
admin.news init Mar 26, 2016
advsearch.php init Mar 26, 2016
app.json kill salt Mar 26, 2016
attack.php init Mar 26, 2016
attackhosp.php init Mar 26, 2016
attackleave.php init Mar 26, 2016
attacklost.php
attackmug.php init Mar 26, 2016
attackwon.php init Mar 26, 2016
authenticate.php kill salt Mar 26, 2016
bank.php init Mar 26, 2016
banner.jpg
banner1.jpg init Mar 26, 2016
bargreen.gif init Mar 26, 2016
barred.gif
battletent.php
blacklist.php init Mar 26, 2016
cmarket.php error log Mar 26, 2016
composer.json init Mar 26, 2016
composer.lock
criminal.php
crystaltemple.php init Mar 26, 2016
cyberbank.php init Mar 26, 2016
dbdata.sql
dlarchive.php init Mar 26, 2016
docrime.php init Mar 26, 2016
donator.gif
donator.php init Mar 26, 2016
donatordone.php init Mar 26, 2016
education.php init Mar 26, 2016
estate.php init Mar 26, 2016
events.php init Mar 26, 2016
explore.php init Mar 26, 2016
fedjail.php init Mar 26, 2016
friendslist.php
gamerules.php init Mar 26, 2016
generalpage.php
global_func.php
gym.php init Mar 26, 2016
halloffame.php init Mar 26, 2016
header.php
helptutorial.php init Mar 26, 2016
hirespy.php init Mar 26, 2016
hospital.php init Mar 26, 2016
imadd.php init Mar 26, 2016
index.php
inventory.php init Mar 26, 2016
itembuy.php init Mar 26, 2016
iteminfo.php
itemmarket.php some cleanup Mar 26, 2016
itemsell.php init Mar 26, 2016
itemsend.php init Mar 26, 2016
itemuse.php init Mar 26, 2016
jailuser.php init Mar 26, 2016
loggedin.php
login.php
logo.gif
logo.png init Mar 26, 2016
logout.php init Mar 26, 2016
mailban.php
mailbox.php init Mar 26, 2016
mainmenu.php
monopaper.php
monorail.php
mysql.php init Mar 26, 2016
new_staff.php
new_staff_actions.php
number.php init Mar 26, 2016
oclog.php
preferences.php kill salt Mar 26, 2016
preport.php init Mar 26, 2016
register.php init Mar 26, 2016
roulette.php init Mar 26, 2016
search.php init Mar 26, 2016
searchname.php init Mar 26, 2016
sendcash.php
setup_mysql.php
shops.php init Mar 26, 2016
slotsmachine.php
slotsmachine2.php init Mar 26, 2016
slotsmachine3.php init Mar 26, 2016
stafflist.php
staffnotes.php init Mar 26, 2016
stats.php
userlist.php
usersonline.php init Mar 26, 2016
viewuser.php init Mar 26, 2016
votetrpg.php init Mar 26, 2016
votetwg.php
voting.php
willpdone.php init Mar 26, 2016
willpotion.php

README.md

SQL Injection Challenges

These challenges are set in a text-based 'MM'ORPG game based on the Mccode Lite game engine (GPL).

Deploy to your own Heroku instance with the button below, then complete the challenges!

Deploy

Challenges:

Challenge 1: Basic SQL Injection, modifying a query to behave other than intended.

Challenge 2: Taking it a step further and exploring subquery usage in SQL injection.

Challenge 3: Using a subquery on a different table to extract admin login credentials.

Challenge 4: Exploring how to bypass some types of input filtering by obfuscation.

Challenge 5: Exploring additional non-standard forms of user input to achieve SQL injection.

Challenge 6: Automating much of the process with existing tools, as well as seeing what's possible when a SQL injection is uncovered.


Note that useful information for testing and debugging will be logged to the Papertrail app in your Heroku instance. Open Papertrail to view those streaming logs.
