html_escape prevents code execution.

I noticed that when I put HTML content in the Version field of the "beef-xss/config.yaml" file,
restart BeEF (beef_start.png) and go to the Admin Panel in my browser, my HTML is interpreted and executed.
This issue occurs because of an insecure code implementation in the file "/beef-xss/extensions/admin_ui/controllers/panel/index.html".

Now html_escape prevents code execution.
Touhid M Shaikh
2017-08-25 15:41:31 +05:30
committed by GitHub
parent f245d12da3
commit 098b9a24bf

@@ -26,7 +26,7 @@
</div>
<div class="right-menu">
<img src="<%= base_path %>/media/images/favicon.png" />
BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> |
BeEF <%= html_escape BeEF::Core::Configuration.instance.get('beef.version') %> |
<a id='do-submit-bug-menu' href='https://github.com/beefproject/beef/issues/new' target='_blank'>Submit Bug</a> |
<a id='do-logout-menu' href='#'>Logout</a>
</div>
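
Review bot: `base_path` on the `<img src="<%= base_path %>/media/images/favicon.png" />` line, just above the changed line, is still written into an attribute without escaping. If it can be set from config.yaml the way `beef.version` can, wrap it in `html_escape` as well (it escapes quotes, so it is safe in an attribute); if it cannot, say so in the commit message so the next reader does not have to check. As a style point, write the call with parentheses, `html_escape(BeEF::Core::Configuration.instance.get('beef.version'))`, so the argument boundary is explicit inside the ERB tag.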