ch0ic3/reverse-shell-generator
1
0
Fork 0
mirror of https://github.com/0dayCTF/reverse-shell-generator.git synced 2024-12-19 19:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixes #82 (incorrect URL encoding)

Browse Source
This commit is contained in:
Gustaf Blomqvist 2022-03-25 23:08:52 +01:00
parent dbc4256820
commit 64c1f531d0
No known key found for this signature in database
GPG Key ID: 703F4370109F5137
2 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
index.html
View File

@ -275,8 +275,8 @@
<div class="col-auto"> <div class="col-auto">
<select id="encoding" class="custom-select"> <select id="encoding" class="custom-select">
<option value="None">None</option> <option value="None">None</option>
<option value="encodeURI">URLEncode</option> <option value="encodeURL">URL Encode</option>
<option value="encodeURIComponent">Double URLEncode</option> <option value="encodeURLDouble">Double URL Encode</option>
<option value="Base64">Base64</option> <option value="Base64">Base64</option>
</select> </select>
</div> </div>

35
js/script.js
View File

@ -82,6 +82,13 @@ const filterCommandData = function (data, { commandType, filter }) {
const query = new URLSearchParams(location.hash.substring(1)); const query = new URLSearchParams(location.hash.substring(1));
// From https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
const fixedEncodeURIComponent = function (str) {
return encodeURIComponent(str).replace(/[!'()*]/g, function(c) {
return '%' + c.charCodeAt(0).toString(16).toUpperCase();
});
}
const rsg = { const rsg = {
ip: query.get('ip') || localStorage.getItem('ip') || '10.10.10.10', ip: query.get('ip') || localStorage.getItem('ip') || '10.10.10.10',
port: query.get('port') || localStorage.getItem('port') || 9001, port: query.get('port') || localStorage.getItem('port') || 9001,
@ -124,7 +131,11 @@ const rsg = {
} }
}, },
escapeHTML: (text) => String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;'), escapeHTML: (text) => {
let element = document.createElement('p');
element.textContent = text;
return element.innerHTML;
},
getIP: () => rsg.ip, getIP: () => rsg.ip,
@ -187,16 +198,20 @@ const rsg = {
command = btoa(command) command = btoa(command)
} else { } else {
function encoder(string) { function encoder(string) {
return (encoding === 'encodeURI' || encoding === 'encodeURIComponent') ? window[ let result = string;
encoding](string) : string switch (encoding) {
case 'encodeURLDouble':
result = fixedEncodeURIComponent(result);
// fall-through
case 'encodeURL':
result = fixedEncodeURIComponent(result);
break;
} }
return result;
command = rsg.escapeHTML(command); }
command = rsg.insertParameters( command = rsg.escapeHTML(encoder(command));
rsg.highlightParameters( // NOTE: Assumes encoder doesn't produce HTML-escaped characters in parameters
encoder(command), encoder), command = rsg.insertParameters(rsg.highlightParameters(command, encoder), encoder);
encoder
)
} }
return command; return command;