This is a school project (educational and research purpose).
I need someone who has strong knowledge with XSS vulnerabilites, worms and web security in general.
Required skills : PHP, MySql, Java, JavaScript, Ajax, jQuery, Joomla.
Requirements:
- Edit the source code of Jomsocial 2.8_Beta3 to make it vulnerable to XSS. (preferable persistent XSS)
- Additionally I need an XSS profile based worm to function like this:
Infection: Infect user_X through the xss vulnerability made on the previous step (worm is loaded from an external server)
Payload: User_Y is visiting the profile of user_X. ; User_Y is infected and will send a friend request to User_X ;
The worm will post on the infected user wall: "User_X is my Hero!"
Spreading: User_Z is visiting the profile of User_Y (which is infected) and will be also infected (worm spreading). User_Z will also add User_X to his
friend list and post on his wall: "User_X is my Hero!".
Details and materials to start the work will be provided (jomsocial source files, xss profile based worm code example)
Note: I am accepting to work with Milestones.
Because I got burned before, the Milestone will be released only at the end of the work. A demonstration on your webserver will be requiered, before
releasing milestone.
If you don't have any experience with web security or never heard about XSS vulnerabilities please don't bother to bid on this project.
Bidders with 0 reputation will be ignored.
I have close to a decade of experience as an independent infosec researcher in various areas and have 2 years of full time experience performing formal vulnerability assessments for a fortune 10 corporation, with a specialty in embedded and industrial control systems. I have experience with php, xss, web sec, and joomla. My exploit dev experience is limited, but I am highly confident that I can deliver a finished product in a reasonable timeline. I think this project will be challenging and fun. I need a few freelance project here under my belt and am willing to do it at the rescued cost to achieve this.
$100 USD in 10 days
5.0 (1 review)
2.4
2.4
3 freelancers are bidding on average $200 USD for this job