Cybersecurity Assistance Needed

Closed Posted 1 month ago Paid on delivery
Closed Paid on delivery

Hello,

I am a cybersecurity researcher and I want to conduct a proof of concept test for vulnerability CVE-2023-2996. This is the report available on WPSCAN.

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API CVE-2023-2996

Description

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

Proof of Concept

curl --json '{ "media": {"tmp_name": "/WP_CONTENT_PATH/[login to view URL]", "name": "[login to view URL]"} }' [login to view URL]

Where BLOG_ID is the site Jetpack blog id.

I cannot perform this POC because I don't have a public WordPress test site.

To apply to this offer and assist me with this POC, you must have a WordPress test site of any version with XML-RPC enabled and accessible to the public so that you can connect Jetpack to your site. You need to download, install, and connect the vulnerable Jetpack plugin specifically version 11.7.1.

These are references for understanding the vulnerability:

- CVE-2023-2996: [login to view URL]

- WPScan Vulnerability Report: [login to view URL]

- Jetpack Security Advisory: [login to view URL]

What you need to do is successfully execute the POC as an author user in WordPress (I will only pay if you demonstrate the vulnerability), and I want to receive a video where you execute the POC. Also, provide a brief written explanation of the steps you took to execute the POC.

If you have any questions, I will be happy to answer them.

Sincerely,

Jonathan Zamora

PHP WordPress MySQL WordPress Plugin Plugin

Project ID: #37984276

About the project

31 proposals Remote project Active 2 days ago

31 freelancers are bidding on average $24 for this job

paul396

Hello, Jonathan Z. I UNDERSTAND YOUR REQUIREMENTS 100% Very happy to your project (Cybersecurity Assistance Needed). Reading your project, I notice that you are looking for a normal programming language developer. I am More

$10 USD in 6 days
(2 Reviews)
1.2
Grady0880

⭐⭐⭐⭐⭐Hi there.⭐⭐⭐⭐⭐ I have read the detail and know that i can help you with my skill. I have rich experience in PHP, WordPress Plugin, MySQL, Plugin and WordPress for 7+ years. So, I can give you the best outcome wit More

$50 USD in 1 day
(0 Reviews)
0.0
annija6

Hello Mate!Greetings Jonathan Z., Good evening! I am an expert mobile coder with skills including WordPress Plugin, MySQL, PHP, WordPress and Plugin. Please send a message to discuss more about this project. With More

$10 USD in 2 days
(0 Reviews)
0.0
sergei100j

Let me do this partly for free for my portfolio! 12+ years of experience! I'm very good at digital-marketing & web-development! Simultaneously led 300 advertising campaigns!I developed landing pages with conversion ra More

$20 USD in 7 days
(0 Reviews)
0.0
kristina052

Hello Jonathan Z., I have reviewed your job description, I have rich experience in MySQL, WordPress, WordPress Plugin, PHP and Plugin. So I can deliver the best result on time Please contact me via chat to discuss you More

$10 USD in 1 day
(0 Reviews)
0.0
michael839554

Hey Mate Jonathan Z., Good evening! I am an expert mobile software engineer with skills including Plugin, MySQL, WordPress, WordPress Plugin and PHP. Please send a message to discuss more about this project. Talk More

$10 USD in 5 days
(0 Reviews)
0.0
Larry8080

✔✔✔✔✔Hi there.✔✔✔✔✔ I understood your requirement completely and have experience developing similar project. I have read the detail and know that i can help you with my skill. I have rich experience in WordPress, MySQ More

$50 USD in 1 day
(0 Reviews)
0.0
markk0011

Dear Jonathan Z. I'm excited to apply for your job "Cybersecurity Assistance Needed" regarding to the development position. With several years of experience in development, I have a proven track record of creating res More

$25 USD in 3 days
(0 Reviews)
0.0
evgeniia6

❤️ Hello Jonathan Z.. ❤️ Good evening . After carefully reviewing your Cybersecurity Assistance Needed, I have a clear understanding of your needs. I have + 7 years of experience in this field can with high quality wo More

$25 USD in 6 days
(0 Reviews)
0.0
webspide

Hello Jonathan Z., I understand that you require assistance in conducting a proof of concept test for vulnerability CVE-2023-2996 related to the Jetpack plugin on WordPress. I have a strong background in PHP, WordPres More

$20 USD in 7 days
(0 Reviews)
0.0
LetsDevelope

To assist with your proof of concept for vulnerability CVE-2023-2996, I offer a WordPress test site with XML-RPC enabled. I will install the vulnerable Jetpack plugin version 11.7.1 and execute the provided POC as an a More

$30 USD in 1 day
(0 Reviews)
0.0
janecarina109

Hey Jonathan Z., Good evening! I’ve carefully checked your requirements and really interested in this job. I’m full stack node.js developer working at large-scale apps as a lead developer with U.S. and European teams. More

$15 USD in 1 day
(0 Reviews)
0.0
David21110

Hey Jonathan Z., Good evening! I am skilled mobile coder with skills including WordPress, Plugin, MySQL, WordPress Plugin and PHP. Please send a message to discuss more regarding this project. Thanks for giving o More

$10 USD in 4 days
(0 Reviews)
0.0
zach00

✌✌✌✌✌ Hi, You are looking for me.✌✌✌✌✌ This job MATCHES my skill set very well. I just carefully checked your description about Cybersecurity Assistance Needed As a decent full stack developer, I have extensive exper More

$10 USD in 2 days
(0 Reviews)
0.0
Hafiz0907

Let's start with me and you may check my sample projects regarding to your project as I have 17 years experience in all these fields and I have done too much similar projects I know I am new here it's very difficult to More

$80 USD in 6 days
(0 Reviews)
0.0
julianR0212

Hey Jonathan Z., Good evening! This is Julian from United States who has been working with website development for over 7 years now. I have checked "Cybersecurity Assistance Needed" project description carefully and I More

$10 USD in 5 days
(0 Reviews)
0.0
cr000mi

Hello, I'm extremely excited because I recently had a very similar experience. I'm confident that I can complete your task perfectly as soon as possible in a short amount of time, and I'm sure you'll be pleased with th More

$24 USD in 1 day
(0 Reviews)
0.0
ihordidovets211

Hello, Jonathan Z., I am very interested in your project "Cybersecurity Assistance Needed" and I believe that my extensive 13 years of experience as a full-stack developer perfectly aligns with the needs of your job. More

$10 USD in 4 days
(0 Reviews)
0.0