Introduction
This is a school project (educational purpose), so I don't care about hacking any website. It's a bit over my head, so that's why I am posting this project.
Basically, I need to reproduce the "Samy worm", also known as the "MySpace worm", in a controlled environment (VM/XAMPP).
Requirements
For starters I need a very basic social network to test the worm. (I don't care too much about functionality, design, etc, because it will be used only for testing).
To make it simpler, there are some free social networks available, like Elgg and Oxwall, that you can use.
Old versions of them are already vulnerable to XSS, but there is also the possibility of making one vulnerable by editing the source code.
Any other method to test the worm is welcome, but at the end I need a mini social network platform to let the worm loose on.
The worm
The worm needs to be profile-based, spreading through an information field on the profile.
XSS worm payload
- spreads and infects other profiles just by visiting an infected profile
- makes users friend "my account" (Samy worm example)
- posts something to the user's wall (Samy worm)
- any additions are welcome
Report
Because I also need to write a report about it, I need some explanations at the end about how/what you did.
Final notes
At the end I want to see that the worm is functioning as described through TeamViewer or something similar.