From 8222d2f86e81dc77ce31f8c2fd9ebb0c409bedee Mon Sep 17 00:00:00 2001
From: Tim Makram Ghatas
Date: Fri, 26 Mar 2021 16:09:41 +0100
Subject: [PATCH] escape user provided data in browser scripts
---
 Payload_Types/apfell/mythic/browser_scripts/download.js | 4 ++--
 Payload_Types/apfell/mythic/browser_scripts/list_apps.js | 4 ++--
 Payload_Types/apfell/mythic/browser_scripts/screenshot.js | 4 ++--
 .../apfell/mythic/browser_scripts/terminals_read.js | 4 ++--
 Payload_Types/atlas/mythic/browser_scripts/ls.js | 4 ++--
 Payload_Types/atlas/mythic/browser_scripts/ps.js | 4 ++--
 .../poseidon/mythic/browser_scripts/list_entitlements.js | 6 +++---
 Payload_Types/poseidon/mythic/browser_scripts/ls.js | 6 +++---
 Payload_Types/poseidon/mythic/browser_scripts/ps.js | 4 ++--
 9 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/Payload_Types/apfell/mythic/browser_scripts/download.js b/Payload_Types/apfell/mythic/browser_scripts/download.js
index a479717b5..717e099fc 100644
--- a/Payload_Types/apfell/mythic/browser_scripts/download.js
+++ b/Payload_Types/apfell/mythic/browser_scripts/download.js
@@ -7,11 +7,11 @@ function(task, responses){
 return "
Finished Downloading " + escapeHTML(file_name) + ". Click here to download
";
 }
 }catch(error){
- return "
Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "
";
+ return "
Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "
";
 }
 }
 if(task.status === 'error'){
 return "
 Error: untoggle for error message(s) 
";
 }
 return "
 Downloading... 
";
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/apfell/mythic/browser_scripts/list_apps.js b/Payload_Types/apfell/mythic/browser_scripts/list_apps.js
index 97f52d04c..89e2dc9bf 100644
--- a/Payload_Types/apfell/mythic/browser_scripts/list_apps.js
+++ b/Payload_Types/apfell/mythic/browser_scripts/list_apps.js
@@ -27,8 +27,8 @@ function(task, response){
 });
 }
 catch(error){
- "
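Review bot: `error.toString()` is still concatenated unescaped in the download.js catch branch, so only the JSON half of the error string is covered. Exception messages can echo part of the input that failed to process (some engines quote the offending text in JSON parse errors), so if the try body, which starts outside this hunk, handles agent-supplied responses, that text still reaches the operator's page as markup. Wrap it as well: `escapeHTML(error.toString())`, or escape the whole concatenation once. The same unescaped `error.toString()` remains in the catch branches of list_apps.js, screenshot.js, terminals_read.js and list_entitlements.js.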
Error: " + error.toString() + "\n" + JSON.stringify(response, null, 2) + "
";
+ "
Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(response, null, 2)) + "
";
 }
 }
 return support_scripts['apfell_create_table']([{"name":"pid","size":"2em"},{"name":"arch","size":"2em"},{"name":"name", "size":"10em"}, {"name":"frontMost","size":"3em"},{"name":"bin_path","size":"20em"}], rows);
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/apfell/mythic/browser_scripts/screenshot.js b/Payload_Types/apfell/mythic/browser_scripts/screenshot.js
index fbe9d0e18..83854817f 100644
--- a/Payload_Types/apfell/mythic/browser_scripts/screenshot.js
+++ b/Payload_Types/apfell/mythic/browser_scripts/screenshot.js
@@ -11,10 +11,10 @@ function(task, responses){
 output += "
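Review bot: The catch branch in list_apps.js is a bare string expression with no `return`, so the error text this hunk now escapes is built and then discarded. Execution carries on to the `apfell_create_table` call with whatever `rows` holds, and the operator never sees that a response failed to process. If the intent matches the sibling scripts, the line should begin with `return`; otherwise replace the expression with a `console.log(error)` so the failure is at least recorded. The try block begins outside this hunk, so whether falling through is deliberate cannot be confirmed from here.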
";
 return output;
 }catch(error){
- return "
Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "
";
+ return "
Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "
";
 }
 }
 if(task.status === 'processing' || task.status === "processed"){
 return "
 downloading pieces ...
";
 }
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/apfell/mythic/browser_scripts/terminals_read.js b/Payload_Types/apfell/mythic/browser_scripts/terminals_read.js
index 6ae06b0de..795bbd7ca 100644
--- a/Payload_Types/apfell/mythic/browser_scripts/terminals_read.js
+++ b/Payload_Types/apfell/mythic/browser_scripts/terminals_read.js
@@ -19,8 +19,8 @@ function(task, responses){
 }
 }
 catch(error){
- return "
Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "
";
+ return "
Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "
";
 }
 }
 return output;
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/atlas/mythic/browser_scripts/ls.js b/Payload_Types/atlas/mythic/browser_scripts/ls.js
index 1cf45e319..287f47dd0 100644
--- a/Payload_Types/atlas/mythic/browser_scripts/ls.js
+++ b/Payload_Types/atlas/mythic/browser_scripts/ls.js
@@ -5,7 +5,7 @@ function(task, response) {
 var data = JSON.parse(response[i]['response']);
 } catch (error) {
 //return error.ToString();
- return response;
+ return escapeHTML(response);
 }
 data.forEach(function (r) {
@@ -27,4 +27,4 @@ function(task, response) {
 "name": "Size", "size": "2em" }, {"name": "Lastmodified", "size": "3em"}, {"name": "IsDir", "size": "2em"}], rows);
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/atlas/mythic/browser_scripts/ps.js b/Payload_Types/atlas/mythic/browser_scripts/ps.js
index cd5de114b..eebc2c35d 100644
--- a/Payload_Types/atlas/mythic/browser_scripts/ps.js
+++ b/Payload_Types/atlas/mythic/browser_scripts/ps.js
@@ -4,7 +4,7 @@ function(task, response){
 try{
 var data = JSON.parse(response[i]['response']);
 }catch(error){
- return response;
+ return escapeHTML(response);
 }
 data.forEach(function(r){
 let row_style = "";
@@ -18,4 +18,4 @@ function(task, response){
 });
 }
 return support_scripts['atlas_create_table']([{"name":"process_id", "size":"10em"},{"name":"parent_process_id", "size":"10em"}, {"name": "user", "size": "10em"},{"name":"path", "size":""}], rows);
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/poseidon/mythic/browser_scripts/list_entitlements.js b/Payload_Types/poseidon/mythic/browser_scripts/list_entitlements.js
index 06116bbd4..a211f1543 100644
--- a/Payload_Types/poseidon/mythic/browser_scripts/list_entitlements.js
+++ b/Payload_Types/poseidon/mythic/browser_scripts/list_entitlements.js
@@ -26,8 +26,8 @@ function(task, responses){
 }
 }
 }
- return "
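Review bot: `escapeHTML(response)` in the atlas ls.js catch branch is handed the whole `response` collection rather than a string; the context line above indexes it as `response[i]['response']`. The implementation of escapeHTML is not part of this patch: if it relies on string methods the call throws inside the error handler, and if it coerces its argument the operator gets a placeholder instead of the raw output that failed to parse. Serialising first, as the apfell scripts in this commit do, avoids both: `return escapeHTML(JSON.stringify(response, null, 2));`. The same call is added in atlas ps.js and in poseidon ps.js.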
" + JSON.stringify(dict, null, 6) + "
";
+ return "
" + escapeHTML(JSON.stringify(dict, null, 6)) + "
";
 }catch(error){
- return "
" + error.toString() + JSON.stringify(responses, null, 6) +  "
";
+ return "
" + error.toString() + escapeHTML(JSON.stringify(responses, null, 6)) +  "
";
 }
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/poseidon/mythic/browser_scripts/ls.js b/Payload_Types/poseidon/mythic/browser_scripts/ls.js
index 99a87b222..6487e66ee 100644
--- a/Payload_Types/poseidon/mythic/browser_scripts/ls.js
+++ b/Payload_Types/poseidon/mythic/browser_scripts/ls.js
@@ -12,7 +12,7 @@ function(task, responses){
 if( !data['is_file'] ){ row_style = "background-color: #5E28DC"}
 let row = {"name": escapeHTML(data['name']), "size": escapeHTML(data['size']), "row-style": row_style, "cell-style": {}};
 let perm_data = data['permissions'];
- row['permissions'] = perm_data["permissions"];
+ row['permissions'] = escapeHTML(perm_data["permissions"]);
 rows.push(row);
 if(!data.hasOwnProperty('files')){data['files'] = []}
 data['files'].forEach(function(r){
@@ -21,7 +21,7 @@ function(task, responses){
 let row = {"name": escapeHTML(r['name']), "size": escapeHTML(r['size']), "row-style": row_style, "cell-style": {}};
 let perm_data = r['permissions'];
 perm_data = data['permissions'];
- row['permissions'] = perm_data["permissions"];
+ row['permissions'] = escapeHTML(perm_data["permissions"]);
 rows.push(row);
 });
 }
@@ -33,4 +33,4 @@ function(task, responses){
 console.log(error);
 return "
 Error: untoggle for error message(s) 
";
 }
-}
\ No newline at end of file
+}
diff --git a/Payload_Types/poseidon/mythic/browser_scripts/ps.js b/Payload_Types/poseidon/mythic/browser_scripts/ps.js
index 0bd94d9d4..1acec8133 100644
--- a/Payload_Types/poseidon/mythic/browser_scripts/ps.js
+++ b/Payload_Types/poseidon/mythic/browser_scripts/ps.js
@@ -5,7 +5,7 @@ function(task, response){
 try{
 var data = JSON.parse(response[i]['response']);
 }catch(error){
- return response;
+ return escapeHTML(response);
 }
 data.forEach(function(r){
 let row_style = "";
@@ -37,4 +37,4 @@ function(task, response){
 {"name":"path", "size":""} ], rows);
 return output;
-}
\ No newline at end of file
+}
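Review bot: In the second poseidon ls.js hunk the value being escaped comes from the parent entry, not the child: the context line `perm_data = data['permissions'];` overwrites `r['permissions']` immediately before `row['permissions']` is assigned. Every file row therefore shows the directory's permissions, escaped or not. Unless that is intended, drop the overwrite so the new line reads from `r`. In both hunks `perm_data["permissions"]` is also dereferenced without checking that `permissions` is present, so an entry lacking it throws into the outer catch and the whole listing is replaced by the generic error text. The forEach callback and the enclosing try start outside these hunks.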