A command injection vulnerability was identified in the NPM package rising, version 1.0.2
Resources:
- Project's NPM Package: https://www.npmjs.com/package/rising
- Project's NPM JS registry: https://registry.npmjs.org/rising
# this command will return instances where the child_process module is loaded.
# that module is generally a good signal that the application is shelling out
# (the closing parenthesis of require(...) is escaped so it is matched literally)
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*)\)" .
# this command will return instances where code is dynamically executed.
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" .
# this command will check common dangerous functions and report when strings are arguments
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" .
[
  "express",
  "afnan"
]
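#!/bin/bash
# Build an "ip.src eq <addr>" filter expression from a file of addresses, one per line.
filename=$1
output_str="("
while read -r line; do
    output_str+="ip.src eq $line) or ("
done < "$filename"
# Strip the trailing " or (" left by the last loop iteration.
output_str=${output_str% or (*}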
import requests
import sys
import json
import concurrent.futures

output_file = open("emails_res.txt", "w")

def Emails(package):
    req = requests.get("https://api.npms.io/v2/package/{}".format(package))
#!/usr/bin/env python3
# Coded by Geekink
import urllib.request
import sqlite3
import os.path
import re
import math