XSS Worm Research

This is a school project (educational and research purpose). I need someone who has strong knowledge with XSS vulnerabilites, worms and web security in general. Required skills : PHP, MySql, Java, JavaScript, Ajax, jQuery, Joomla. Requirements: - Edit the source code of Jomsocial 2.8_Beta3 to make it vulnerable to XSS. (preferable persistent XSS) - Additionally I need an XSS profile based worm to function like this: Infection: Infect user_X through the xss vulnerability made on the previous step (worm is loaded from an external server) Payload: User_Y is visiting the profile of user_X. ; User_Y is infected and will send a friend request to User_X ; The worm will post on the infected user wall: "User_X is my Hero!" Spreading: User_Z is visiting the profile of User_Y (which is infected) and will be also infected (worm spreading). User_Z will also add User_X to his friend list and post on his wall: "User_X is my Hero!". Details and materials to start the work will be provided (jomsocial source files, xss profile based worm code example) Note: I am accepting to work with Milestones. Because I got burned before, the Milestone will be released only at the end of the work. A demonstration on your webserver will be requiered, before releasing milestone. If you don't have any experience with web security or never heard about XSS vulnerabilities please don't bother to bid on this project. Bidders with 0 reputation will be ignored.