These challenges are set in a text-based 'MM'ORPG game built on the Mccode Lite game engine (GPL).
Deploy to your own Heroku instance with the button below, then complete the challenges!
*NOTE - if you get an error while deploying, wait 60 seconds and try again. The PhantomJS buildpack used in this deploy fails intermittently on build when Heroku has trouble establishing a connection to Bitbucket, but it has always worked for me after a couple of tries.
Challenge 1: Basic CSRF
Challenge 2: XSS - thinking outside the box
Challenge 3: CSRF - trick an admin into upgrading your account to admin status.
Challenge 4: XSS via BBCode parser, steal admin's cookies
Challenge 5: XSS - creating an XSS JavaScript worm
Note that useful information for testing and debugging is logged to the Papertrail app in your Heroku instance. Open Papertrail to view the streaming logs.