Cybersecurity Assistance Needed
$10-30 USD
Paid on delivery
Hello,
I am a cybersecurity researcher and I want to conduct a proof of concept test for vulnerability CVE-2023-2996. This is the report available on WPSCAN.
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API CVE-2023-2996
Description
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
Proof of Concept
curl --json '{ "media": {"tmp_name": "/WP_CONTENT_PATH/[login to view URL]", "name": "[login to view URL]"} }' [login to view URL]
Where BLOG_ID is the site Jetpack blog id.
I cannot perform this POC because I don't have a public WordPress test site.
To apply to this offer and assist me with this POC, you must have a WordPress test site of any version with XML-RPC enabled and accessible to the public so that you can connect Jetpack to your site. You need to download, install, and connect the vulnerable Jetpack plugin specifically version 11.7.1.
These are references for understanding the vulnerability:
- CVE-2023-2996: [login to view URL]
- WPScan Vulnerability Report: [login to view URL]
- Jetpack Security Advisory: [login to view URL]
What you need to do is successfully execute the POC as an author user in WordPress (I will only pay if you demonstrate the vulnerability), and I want to receive a video where you execute the POC. Also, provide a brief written explanation of the steps you took to execute the POC.
If you have any questions, I will be happy to answer them.
Sincerely,
Jonathan Zamora
Project ID: #37984276
About the project
31 freelancers are bidding on average $24 for this job
Let me do this partly for free for my portfolio! 12+ years of experience! I'm very good at digital-marketing & web-development! Simultaneously led 300 advertising campaigns! I developed landing pages with conversion ra
Hello Jonathan Z., I have reviewed your job description, I have rich experience in MySQL, WordPress, WordPress Plugin, PHP and Plugin. So I can deliver the best result on time Please contact me via chat to discuss you
Hey Mate Jonathan Z., Good evening! I am an expert mobile software engineer with skills including Plugin, MySQL, WordPress, WordPress Plugin and PHP. Please send a message to discuss more about this project. Talk
To assist with your proof of concept for vulnerability CVE-2023-2996, I offer a WordPress test site with XML-RPC enabled. I will install the vulnerable Jetpack plugin version 11.7.1 and execute the provided POC as an a
Hey Jonathan Z., Good evening! I’ve carefully checked your requirements and am really interested in this job. I’m a full stack node.js developer working at large-scale apps as a lead developer with U.S. and European teams.
Hey Jonathan Z., Good evening! I am a skilled mobile coder with skills including WordPress, Plugin, MySQL, WordPress Plugin and PHP. Please send a message to discuss more regarding this project. Thanks for giving o
Hey Jonathan Z., Good evening! This is Julian from United States who has been working with website development for over 7 years now. I have checked "Cybersecurity Assistance Needed" project description carefully and I
Hello, Jonathan Z., I am very interested in your project "Cybersecurity Assistance Needed" and I believe that my extensive 13 years of experience as a full-stack developer perfectly aligns with the needs of your job.