diff --git a/extensions/admin_ui/media/javascript/ui/panel/common.js b/extensions/admin_ui/media/javascript/ui/panel/common.js index 1727e17b8..594237c78 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/common.js +++ b/extensions/admin_ui/media/javascript/ui/panel/common.js @@ -249,18 +249,24 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) { html = String.format("
{0}
", value); html += '

'; for(index in record.data.data) { - result = record.data.data[index]; + result = $jEncoder.encoder.encodeForHTML(record.data.data[index]).replace(/<br>/g,'
'); index = index.toString().replace('_', ' '); - //Check if the data is the image parameter and that it's a base64 encoded png. - if ($jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'
').substring(0,28) == "image=data:image/png;base64,") { - //Lets display the image. // Does this introduce issues? Or, does the encoding keep this sound? - html += String.format('
', $jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'
').substring(6)); - } else { - //output escape everything, but allow the
tag for better rendering. - html += String.format('{0}: {1}
', index, $jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'
')); + // Check if the data is the image parameter and that it's a base64 encoded png. + if (result.substring(0,28) == "image=data:image/png;base64,") { + // Lets display the image + try { + base64_data = window.atob(result.substring(29,result.length)); + html += String.format('
', result.substring(6)); + } catch(e) { + beef.debug("Received invalid base64 encoded image string: "+e.toString()); + html += String.format('{0}: {1}
', index, result); + } + } else { + // output escape everything, but allow the
tag for better rendering. + html += String.format('{0}: {1}
', index, result); } } - + html += '

'; return html; }