Post a Contest

build a zip bomb plugin for wordpress

Status: Closed
Prize: $110
Entries Received: 4
Winner: JakeValladares

Winner

Contest Brief

Create a plugin for wordpress that breaks WPScan with a zip bomb such as in this article
https://www.sitepoint.com/how-to-defend-your-website-with-zip-bombs/
https://tools.kali.org/web-applications/wpscan

The project will be considered a success after a code audit when a screen recording showing WPscan failing on a website with your plugin is installed.

I will retain the rights and source code to the plugin after development.

The plugin should be packaged as a reusable plugin.

Recommended Skills

Winner

Post a Contest Like This

Employer Feedback

“@JakeValladares won the contest on 17 September 2019”

lihanyu1, United States.

Top entries from this contest

JakeValladares Spain

1
sharminzaman3010 Bangladesh

0
pdeb85 India

2
shahalaanjum India

0

View More Entries

Public Clarification Board

pdeb85
- 4 years ago
Hello, I have a question. How do you intend to make the GZIP payload file available through reusable packaging? Thanks, Pratyush
- 4 years ago
nitinktg
- 4 years ago
It is quite impossible to do what you are asking. I did an analysis and below are the findings (to aid other developers as well):

WPScan has a database of plugins to check for in the scan. And the scan does only a HEAD request on the files in the database. EG: /wp-content/plugins/classic-editor/robots.txt. If you want to package it as a reuseable plugin, wpscan first has to know that there is a plugin like that. Even if you manage to spoof a file in an existing plugin and install it manually, it will never get processed as a zipfile as it does only a HEAD request. The ideal way would be to collaborate with WPScan to add this as a feature.
- 4 years ago