Patched jquery-encoder to prevent exception on encoderForJavascript. Patched wterm.jquery.js to prevent XSS. Added IP/port validation to IPEC shell.
This commit is contained in:
antisnatchor
@@ -21,7 +21,7 @@ encoded+=': ';}
|
||||
for(var i=0;i<input.length;i++){var ch=input.charAt(i),cc=input.charCodeAt(i);if(!ch.match(/[a-zA-Z0-9]/)&&$.inArray(ch,immune)<0){var hex=cc.toString(16);var pad='000000'.substr((hex.length));encoded+='\\'+pad+hex;}else{encoded+=ch;}}
|
||||
return encoded;},encodeForURL:function(input,attr){hasBeenInitialized=true;var encoded='';if(attr){if(attr.match(/^[A-Za-z\-0-9]{1,}$/)){encoded+=$.encoder.canonicalize(attr).toLowerCase();}else{throw"Illegal Attribute Name Specified";}
|
||||
encoded+='="';}
|
||||
encoded+=encodeURIComponent(input);encoded+=attr?'"':'';return encoded;},encodeForJavascript:function(input){hasBeenInitialized=true;if(!immune)immune=default_immune['js'];var encoded='';for(var i=0;i<input.length;i++){var ch=input.charAt(i),cc=input.charCodeAt(i);if($.inArray(ch,immune)>=0||hex[cc]==null){encoded+=ch;continue;}
|
||||
encoded+=encodeURIComponent(input);encoded+=attr?'"':'';return encoded;},encodeForJavascript:function(input){hasBeenInitialized=true;immune=default_immune['js'];var encoded='';for(var i=0;i<input.length;i++){var ch=input.charAt(i),cc=input.charCodeAt(i);if($.inArray(ch,immune)>=0||hex[cc]==null){encoded+=ch;continue;}
|
||||
var temp=cc.toString(16),pad;if(cc<256){pad='00'.substr(temp.length);encoded+='\\x'+pad+temp.toUpperCase();}else{pad='0000'.substr(temp.length);encoded+='\\u'+pad+temp.toUpperCase();}}
|
||||
return encoded;},canonicalize:function(input,strict){hasBeenInitialized=true;if(input===null)return null;var out=input,cycle_out=input;var decodeCount=0,cycles=0;var codecs=[new HTMLEntityCodec(),new PercentCodec(),new CSSCodec()];while(true){cycle_out=out;for(var i=0;i<codecs.length;i++){var new_out=codecs[i].decode(out);if(new_out!=out){decodeCount++;out=new_out;}}
|
||||
if(cycle_out==out){break;}
|
||||
|
||||
@@ -85,6 +85,11 @@ ZombieTab_IpecTab = function(zombie) {
|
||||
return str;
|
||||
}
|
||||
|
||||
function validateNumber(input, min, max) {
|
||||
var value = parseInt(input);
|
||||
return (!isNaN(value) && value >= min && value <= max);
|
||||
}
|
||||
|
||||
|
||||
function initTerminal(zombie){
|
||||
String.prototype.reverse = function() {
|
||||
@@ -99,42 +104,18 @@ ZombieTab_IpecTab = function(zombie) {
|
||||
var target_port = "";
|
||||
|
||||
var command_directory = {
|
||||
'eval': function( tokens ) {
|
||||
tokens.shift();
|
||||
var expression = tokens.join( ' ' );
|
||||
var result = '';
|
||||
try {
|
||||
result = eval( expression );
|
||||
} catch( e ) {
|
||||
result = 'Error: ' + e.message;
|
||||
}
|
||||
return result;
|
||||
},
|
||||
|
||||
'date': function( tokens ) {
|
||||
var now = new Date();
|
||||
return now.getDate() + '-' +
|
||||
now.getMonth() + '-' +
|
||||
( 1900 + now.getYear() )
|
||||
},
|
||||
|
||||
'cap': function( tokens ) {
|
||||
tokens.shift();
|
||||
return tokens.join( ' ' ).toUpperCase();
|
||||
},
|
||||
|
||||
'go': function( tokens ) {
|
||||
var url = tokens[1];
|
||||
document.location.href = url;
|
||||
},
|
||||
|
||||
'target': function(tokens){
|
||||
var ip_regex = new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$');
|
||||
target_ip = tokens[1];
|
||||
target_port = tokens[2];
|
||||
return "Target is now " + tokens[1] + ":" + tokens[2];
|
||||
target_port = tokens[2];
|
||||
if(ip_regex.test(target_ip) && validateNumber(target_port, 1, 65535)){
|
||||
return "Target is now " + tokens[1] + ":" + tokens[2];
|
||||
}else{
|
||||
return "Target error: invalid IP or port.";
|
||||
}
|
||||
},
|
||||
|
||||
|
||||
'exec': function(tokens){
|
||||
if(target_ip.length == 0 || target_port.length == 0)
|
||||
return "Error: target ip or port not set."
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
* Command History.
|
||||
* Commandline Editing.
|
||||
*
|
||||
* Modified by antisnatchor
|
||||
* Modified by antisnatchor (also to prevent XSS, see line 270)
|
||||
* */
|
||||
|
||||
( function( $ ) {
|
||||
@@ -266,7 +266,10 @@
|
||||
|
||||
if( typeof key === 'function' ) {
|
||||
data = key( tokens );
|
||||
if( data ) { update_content( get_current_prompt(), value, data ) }
|
||||
/*
|
||||
* antisnatchor: preventing XSS
|
||||
*/
|
||||
if( data ) { update_content( get_current_prompt(), $jEncoder.encoder.encodeForJavascript(value), data)}
|
||||
} else if( typeof key === 'string' ) {
|
||||
var to_send = { };
|
||||
to_send[ settings.AJAX_PARAM ] = tokens.join( ' ' );
|
||||
|
||||
Reference in New Issue
Block a user