From 098b9a24bf7f826c5a0a1d95de15b1dd0996a2e0 Mon Sep 17 00:00:00 2001
From: Touhid M Shaikh
Date: Fri, 25 Aug 2017 15:41:31 +0530
Subject: [PATCH] html_escape prevent code execution.

I noticed that when I put HTML content in the "beef-xss/config.yaml" file in the Version field, restart BeEF (beef_start.png) and go to the Admin Panel in my browser, my HTML is interpreted and executed. This issue occurs because of the insecure code implementation in the file "/beef-xss/extensions/admin_ui/controllers/panel/index.html". Now html_escape prevents code execution.

--- extensions/admin_ui/controllers/panel/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/admin_ui/controllers/panel/index.html b/extensions/admin_ui/controllers/panel/index.html index a3484aa80..09efca88a 100644 --- a/extensions/admin_ui/controllers/panel/index.html +++ b/extensions/admin_ui/controllers/panel/index.html @@ -26,7 +26,7 @@
- BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> | + BeEF <%= html_escape BeEF::Core::Configuration.instance.get('beef.version') %> | Submit Bug | Logout
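
Review bot: on the added `+` line, `html_escape` is called bare and without parentheses, and nothing in the hunk shows that the helper is in scope for this template; if the panel's rendering context does not mix in `ERB::Util`, the page will fail with an undefined-method error instead of rendering. Calling it explicitly as `<%= ERB::Util.html_escape(BeEF::Core::Configuration.instance.get('beef.version')) %>` makes the dependency visible and removes the ambiguity of the paren-less call. The change also touches only this one interpolation of `beef.version`; any other output in the admin UI that prints configuration values unescaped is not covered by this patch and should be checked in the same pass. The commit message would be more precise if it described the issue as HTML/script injection into the admin panel from a value in config.yaml.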