This is a school project (educational and research purpose).
I need someone who has strong knowledge with XSS attacks, worms and web security in general.
Required skills : PHP, MySql, Java, JavaScript, Ajax.
Basically I need to reproduce the ''Samy worm'' known also as "myspace worm". Make something similar but on a small scale.
For starters I need a very basic social network to test the worm. (I don't care too much about functionality, design, etc, because it will be used only for testing).
To make it simpler , there are some free social networks (open source) available like Elgg, Oxwall that you can use.
Old versions of it are already vulnerable to XSS, but there is the possibility to make it vulnerable by editing the source code.
Any other method to test the worm is welcomed but at the end I need a mini social network platform to let loose the worm.
The worm
The worm needs to be profile-based which spreads through an information field on the profile.
XSS worm payload
- spreading and infecting other profiles just by visiting an infected profile
- makes users friend a specific account (samy worm example)
- post to user wall something (samy worm example)
- any addition are welcomed
Report/Documentation
Because I need to make also a report about it, I need at the end some explanations about how/what you did.
Final notes
At the end I want to see that the worm is functioning as described through TeamViewer or on a free webserver. After that the funds will be released and I get the source files.