Käynnissä

XSS Worm Research

This is a school project (educational and research purpose).

I need someone who has strong knowledge with XSS vulnerabilites, worms and web security in general.

Required skills : PHP, MySql, Java, JavaScript, Ajax, jQuery, Joomla.

Requirements:

- Edit the source code of Jomsocial 2.8_Beta3 to make it vulnerable to XSS. (preferable persistent XSS)

- Additionally I need an XSS profile based worm to function like this:

Infection: Infect user_X through the xss vulnerability made on the previous step (worm is loaded from an external server)

Payload: User_Y is visiting the profile of user_X. ; User_Y is infected and will send a friend request to User_X ;

The worm will post on the infected user wall: "User_X is my Hero!"

Spreading: User_Z is visiting the profile of User_Y (which is infected) and will be also infected (worm spreading). User_Z will also add User_X to his

friend list and post on his wall: "User_X is my Hero!".

Details and materials to start the work will be provided (jomsocial source files, xss profile based worm code example)

Note: I am accepting to work with Milestones.

Because I got burned before, the Milestone will be released only at the end of the work. A demonstration on your webserver will be requiered, before

releasing milestone.

If you don't have any experience with web security or never heard about XSS vulnerabilities please don't bother to bid on this project.

Bidders with 0 reputation will be ignored.

Taidot: Javascript, Joomla, jQuery / Prototype, MySQL, PHP

Näytä lisää: ajax webserver, worm, vulnerable, security vulnerability, edit research, edit milestones, send friend request php, webserver post, security research project, edit user profile php mysql, school project joomla, php jquery edit profile, friend request php, step step knowledge php, spreading, school research, java webserver, jquery ajax java, java mysql project school, wall post post, edit materials, ajax profile jomsocial, infected joomla, user experience research, java code friend request

Tietoa työnantajasta:
( 10 arvostelua ) Linz, Austria

Projektin tunnus: #4285747

Myönnetty käyttäjälle:

cmechlin

I have close to a decade of experience as an independent infosec researcher in various areas and have 2 years of full time experience performing formal vulnerability assessments for a fortune 10 corporation, with a spe Lisää

100 $ USD 10 päivässä
(1 arvostelu)
2.4

3 freelanceria on tarjonnut keskimäärin 200 $ tähän työhön

vietcodepro

Hello, I'm very interested your project. Please check your inbox for more details, thanks!

250 $ USD 3 päivässä
(548 arvostelua)
8.2
joomextensions

Hello, We are ready for this job, Please check Private Message. Regards.

250 $ USD 3 päivässä
(47 arvostelua)
6.6
hbirjand

Hi I am a joomla expert.

250 $ USD 10 päivässä
(11 arvostelua)
3.0