github.com/custer-debug/servergolang
#### This repository includes a backend and a frontend server.
I use Go (Golang) as my programming language. For the frontend, I used Bootstrap. It is not in this repository, but you can download it from the link: Bootstrap. Also, to test this API, you need to install some packages. Before installing Fiber, I advise you to read its documentation.

```
go get -u github.com/gofiber/fiber/v2
```

To work with the database, install the MySQL driver for Go:

```
go get -u github.com/go-sql-driver/mysql
```

Communication between the frontend and the backend is established using XHR requests.
#### At the moment, this project has completed:
1. Login page. The problem of moving between pages in different directories was solved with the help of cookies. Here cookies are a JSON string like this:

   ```
   {
       ID: int
       FirstName: string
       LastName: string
   }
   ```

   ID makes it easy to navigate the database. First and last name are for detailed user identification. When you go to any other page of the site without authorization, the script will return you to the login page. If the backend responds that the password is incorrect, a red notification appears, and you need to try again.
2. Sign Up page. There is a link under the submit button that leads to the registration form. When all the fields are filled in, a request is sent that adds the user to the database. If all the data is correct, the user is moved to the login page.
3. Welcome page. If authentication is successful, the user is redirected to the welcome page. In fact, I do not know yet what exactly the site will be for, so I just made a greeting like: Hello, FirstName LastName.
4. All pages use templates. The navigation bar has:
   - 4.1 Packy: the site logo.
   - 4.2 Dropdown menu, in which there are two cells, but this is still in development.

   There are two buttons in the right corner:
   - 4.3 Settings (read on about this).
   - 4.4 Log out. This button is responsible for logging out and ending the session. By clicking on this button, the cookies are cleared, and the user is returned to the login page.
5. Settings. There are three tabs here:
   - 5.1 Profile. Here the user can edit his data, namely the data that is in the database: name and surname, date of birth, phone number, login. Upon successful editing, a positive response comes from the server.
   - 5.2 Private. Here the user can change the password. The request will not be sent until the user enters the correct data, namely the old password and the new password twice.
   - 5.3 Sites. This section is still under construction.
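An added example, not code from this repository: the login cookie described in item 1 is plain JSON that the browser can edit, so a server that uses its `ID` for database lookups needs an integrity check on it. The sketch below signs the same three fields with HMAC-SHA256 using only the standard library; the function names, the key handling, the `payload.tag` cookie layout and the positive-ID rule are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Session mirrors the cookie fields listed in the README.
type Session struct {
	ID                  int
	FirstName, LastName string
}

var ErrBadCookie = errors.New("cookie malformed or modified")
var enc = base64.RawURLEncoding

func tag(key, payload []byte) []byte { // HMAC-SHA256 over the JSON payload
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)
}

// Seal builds the cookie value "<base64url(json)>.<base64url(tag)>".
func Seal(key []byte, s Session) string {
	payload, _ := json.Marshal(s) // cannot fail for this plain struct
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(tag(key, payload))
}

// Open verifies the tag (constant time) before parsing; IDs <= 0 are rejected (assumption).
func Open(key []byte, cookie string) (Session, error) {
	var s Session
	p, t, ok := strings.Cut(cookie, ".")
	payload, err1 := enc.DecodeString(p)
	sig, err2 := enc.DecodeString(t)
	if !ok || err1 != nil || err2 != nil || !hmac.Equal(sig, tag(key, payload)) ||
		json.Unmarshal(payload, &s) != nil || s.ID <= 0 {
		return Session{}, ErrBadCookie
	}
	return s, nil
}

func main() {
	key := []byte("constructed-demo-key") // assumption: the real key lives in server config
	fmt.Println(Open(key, Seal(key, Session{ID: 7, FirstName: "Ada", LastName: "Lovelace"})))
}
```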