escape user provided data in browser scripts

Author: TimBF

Payload_Types/apfell/mythic/browser_scripts/download.js

@@ -7,11 +7,11 @@ function(task, responses){
 		      return "<div class='card'><div class='card-header border border-dark shadow'>Finished Downloading <span class='display'>" + escapeHTML(file_name) + "</span>. Click <a href='/api/v1.4/files/download/" + status['agent_file_id'] + "'>here</a> to download</div></div>";
 	    	}
     }catch(error){
-       return "<pre>Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "</pre>";
+       return "<pre>Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "</pre>";
     }
   }
   if(task.status === 'error'){
   	return "<pre> Error: untoggle for error message(s) </pre>";
   }
   return "<pre> Downloading... </pre>";
-}
+}

Payload_Types/apfell/mythic/browser_scripts/list_apps.js

@@ -27,8 +27,8 @@ function(task, response){
 		    });
     }
     catch(error){
-        "<pre>Error: " + error.toString() + "\n" + JSON.stringify(response, null, 2) + "</pre>";
+        "<pre>Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(response, null, 2)) + "</pre>";
     }
   }
   return support_scripts['apfell_create_table']([{"name":"pid","size":"2em"},{"name":"arch","size":"2em"},{"name":"name", "size":"10em"}, {"name":"frontMost","size":"3em"},{"name":"bin_path","size":"20em"}], rows);
-}
+}

Payload_Types/apfell/mythic/browser_scripts/screenshot.js

@@ -11,10 +11,10 @@ function(task, responses){
           output += "<div class='response-background card-body' style='padding:0'><img src='/api/v1.4/files/screencaptures/" + escapeHTML(id) + "' width='100%'></div></div></div>";
                   return output;
         }catch(error){
-           return "<pre>Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "</pre>";
+           return "<pre>Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "</pre>";
         }
       }
     if(task.status === 'processing' || task.status === "processed"){
   	    return "<pre> downloading pieces ...</pre>";
       }
-}
+}

Payload_Types/apfell/mythic/browser_scripts/terminals_read.js

@@ -19,8 +19,8 @@ function(task, responses){
 		}
     }
     catch(error){
-        return "<pre>Error: " + error.toString() + "\n" + JSON.stringify(responses, null, 2) + "</pre>";
+        return "<pre>Error: " + error.toString() + "\n" + escapeHTML(JSON.stringify(responses, null, 2)) + "</pre>";
     }
   }
   return output;
-}
+}

Payload_Types/atlas/mythic/browser_scripts/ls.js

@@ -5,7 +5,7 @@ function(task, response) {
             var data = JSON.parse(response[i]['response']);
         } catch (error) {
             //return error.ToString();
-            return response;
+            return escapeHTML(response);
         }
 
         data.forEach(function (r) {
@@ -27,4 +27,4 @@ function(task, response) {
         "name": "Size",
         "size": "2em"
     }, {"name": "Lastmodified", "size": "3em"}, {"name": "IsDir", "size": "2em"}], rows);
-}
+}

Payload_Types/atlas/mythic/browser_scripts/ps.js

@@ -4,7 +4,7 @@ function(task, response){
     try{
         var data = JSON.parse(response[i]['response']);
     }catch(error){
-        return response;
+        return escapeHTML(response);
     }
     data.forEach(function(r){
       let row_style = "";
@@ -18,4 +18,4 @@ function(task, response){
     });
   }
   return support_scripts['atlas_create_table']([{"name":"process_id", "size":"10em"},{"name":"parent_process_id", "size":"10em"}, {"name": "user", "size": "10em"},{"name":"path", "size":""}], rows);
-}
+}

Payload_Types/poseidon/mythic/browser_scripts/list_entitlements.js

@@ -26,8 +26,8 @@ function(task, responses){
 				}
 			}
 		}
-		return "<pre>" + JSON.stringify(dict, null, 6) + "</pre>";
+		return "<pre>" + escapeHTML(JSON.stringify(dict, null, 6)) + "</pre>";
 	}catch(error){
-		return "<pre>" + error.toString() + JSON.stringify(responses, null, 6) +  "</pre>";
+		return "<pre>" + error.toString() + escapeHTML(JSON.stringify(responses, null, 6)) +  "</pre>";
 	}
-}
+}

Payload_Types/poseidon/mythic/browser_scripts/ls.js

@@ -12,7 +12,7 @@ function(task, responses){
         if( !data['is_file'] ){ row_style = "background-color: #5E28DC"}
 		let row = {"name": escapeHTML(data['name']), "size": escapeHTML(data['size']), "row-style": row_style, "cell-style": {}};
 		let perm_data = data['permissions'];
-		row['permissions'] = perm_data["permissions"];
+		row['permissions'] = escapeHTML(perm_data["permissions"]);
 		rows.push(row);
 	    if(!data.hasOwnProperty('files')){data['files'] = []}
 	    data['files'].forEach(function(r){
@@ -21,7 +21,7 @@ function(task, responses){
             let row = {"name": escapeHTML(r['name']), "size": escapeHTML(r['size']), "row-style": row_style, "cell-style": {}};
             let perm_data = r['permissions'];
             perm_data = data['permissions'];
-			row['permissions'] = perm_data["permissions"];
+			row['permissions'] = escapeHTML(perm_data["permissions"]);
 			rows.push(row);
 		});
 	}
@@ -33,4 +33,4 @@ function(task, responses){
         console.log(error);
         return  "<pre> Error: untoggle for error message(s) </pre>";
     }
-}
+}

Payload_Types/poseidon/mythic/browser_scripts/ps.js

@@ -5,7 +5,7 @@ function(task, response){
     try{
         var data = JSON.parse(response[i]['response']);
     }catch(error){
-        return response;
+        return escapeHTML(response);
     }
     data.forEach(function(r){
       let row_style = "";
@@ -37,4 +37,4 @@ function(task, response){
       {"name":"path", "size":""}
       ], rows);
   return output;
-}
+}