SQL injection/Web security expert -- 2

$30-250 USD

Completed
Posted about 3 years ago

Paid on delivery
We need you to penetrate the following case scenario: Suppose there is a PHP script file "[login to view URL]" which takes a param, i.e. $_GET["profilePic"], which is an image file path, and then it generates a PDF with this image using the FPDF library. If the image file doesn't exist, it will throw an error like:

Warning: getimagesize(uploads/X/[login to view URL]): failed to open stream: No such file or directory in /home/X/public_html/[login to view URL] on line 1202
FPDF error: Missing or incorrect image file: uploads/X/[login to view URL]

We need a proof of concept that this unhandled warning can result in the server being pwned/allowing execution of PHP code. You will be rewarded with a bounty and this may lead to more projects in the future!
Project ID: 29428134

About the project

10 proposals
Remote project
Active 3 yrs ago

Awarded to:
Hi, As per our discussion yesterday, I am already working on this and I expect this to be completed by 9 pm. I will share the report with you. Kindly initiate personal chat to discuss. Thanks, Avinash
$50 USD in 7 days
4.7 (4 reviews)
3.7
10 freelancers are bidding on average $161 USD for this job
Hello Sir. I can do this project right now. I am a professional Linux and developer in PHP, Wordpress, Laravel, Magento, Joomla, Prestashop, OpenCart, Yii, NodeJS, Angular, Vue.js, HTML5, CSS3 and jQuery. I can do this project. Please hire me. I think you will be content with my skills. I can fix your site issue successfully. I am looking forward to having further discussions with you and can start working immediately. Thank you
$120 USD in 1 day
5.0 (68 reviews)
6.0
I am an experienced PHP / Ethical Hacker & Web developer. I will FIX SQL injection/Web security issues as per your requirements with full satisfaction & unlimited revisions. In case of any delay we'll refund your money. Over the last 3 years, I have developed a wide range of Desktop apps and websites using JavaScript, HTML, PHP, and MySQL, and Desktop Applications using C# and Vb.NET and Windows Forms, including sites and Applications for startup companies and small businesses. Backend side: PHP5, Drupal, CodeIgniter, Wordpress, Laravel, Node.js. Front End Side: HTML5/CSS3/SASS/SCSS/LESS, JavaScript/jQuery. Databases: MySQL, MongoDB, Oracle. APIs: Twitter API, LinkedIn API, PayPal API, Payoneer API etc.
$150 USD in 4 days
5.0 (24 reviews)
4.5
Hi There, This is Mohammad. From the brief I summarize that you need a SQL injection/Web security expert, right? Sure, I'll provide you with Quality Work. Please award me the project so that we can discuss it more. I am a Full Stack Engineer with 15 years of experience. I have worked on several similar projects. You can see Ratings and Reviews from Clients here: www.freelancer.com/u/irfanui Thanks.
$250 USD in 25 days
4.8 (4 reviews)
2.8
Hi, I've read your project details. I'm currently unable to respond to you via chat due to the following reason: "Unfortunately, you are not allowed to send a message to this thread." I can pentest your file for SQLi or other vulnerabilities. You need to provide me your web URL to check the vulnerability. Let me know if you are interested. Thanks.
$85 USD in 3 days
5.0 (2 reviews)
2.1
Hi There, This actually sounds more like a Local File Inclusion (LFI) issue rather than SQL injection (the error isn't a SQL error...). Depending on the version of PHP that is in use, I have a few ideas on how you could pwn this server. I am a professional penetration tester and would be happy to test this for you.
$200 USD in 3 days
0.0 (0 reviews)
0.0
Hello, I am happy to share keen interest in working with you on this exciting opportunity as I have relevant experience to complete this project as per mentioned requirements. I am ready to start immediately and will be available full time for you. I ensured perfect work till now as you can see in my profile and would like to help you by doing my best. We are professional and quality work is my prime concern. - I will complete all of your requirements - I will do more tweaks for you as well. I assure you that I am best suited for this post. Please open chat with me so we can discuss more in detail.
$200 USD in 10 days
0.0 (0 reviews)
0.0
Hi there, I have read your requirements and would like to tell you that I am a part-time freelancer and have worked on these technologies (Laravel (5 / 6 / 7), WordPress (4 / 5), Cake (3), Yii (1 / 2), Core PHP and many more) for more than 4+ years. I am very much competent with Frameworks but have very good experience with the other listed technologies as well. I have made many projects for schools, businesses, non profit companies, small start-up companies, personal blogs and many more custom systems. We can talk more about my availability and how we will be working on the project. I would like to know when we can discuss more about your project and get started. Hope to hear from you soon! Good day!
$195 USD in 10 days
0.0 (0 reviews)
0.0
Hi, I have 17 years of experience in web development and 7 years in Security. There are certain techniques that can be used to try to pwn the server but I will need to test them out, because a warning only shows certain aspects of how the code is handled. However, if the code around that warning is written properly, then this error cannot be leveraged. Is there a way I can actually test that web application? Regards, Jean-Yves
$222 USD in 3 days
0.0 (0 reviews)
0.0

About the client

Khanewal, Pakistan
5.0
23
Payment method verified
Member since May 12, 2013
Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)