From 86d191c43b543087ab4be01b152d47275bf38805 Mon Sep 17 00:00:00 2001
From: "wade@bindshell.net"
 <wade@bindshell.net@b87d56ec-f9c0-11de-8c8a-61c5e9addfc9>
Date: Sun, 13 Feb 2011 13:13:11 +0000
Subject: [PATCH] filtering added to HTTP host value

git-svn-id: https://beef.googlecode.com/svn/trunk@737 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/server/zombiehandler.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/server/zombiehandler.rb b/lib/server/zombiehandler.rb
index 8c7c10e8b..e54d0f3c6 100644
--- a/lib/server/zombiehandler.rb
+++ b/lib/server/zombiehandler.rb
@@ -44,7 +44,9 @@ module BeEF
       if not hooked_browser # is a new browser so return instructions to set up the hook
         
         # generate the instructions to hook the browser
-        build_beefjs!(@request.host)
+        host_name = @request.host # get the host from the HOST attribute in the HTTP header
+        raise WEBrick::HTTPStatus::BadRequest, "Invalid host name" if not Filter.is_valid_hostname?(host_name)
+        build_beefjs!(host_name)
       
       else # is a known browseer so send instructions