crash.software
Projects
Pull Requests
Issues
Builds
gophish
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY gophish Commits b9824f6a
🤬

  • Added logic to unescape template variables in Word documents for remote images

  • Loading...
  • Glenn Wilkinson committed 2 years ago
    b9824f6a
    1 parent 51cb65a4
  • ■ ■ ■ ■ ■ ■
    models/attachment.go
    skipped 5 lines
    6 6   "encoding/base64"
    7 7   "io"
    8 8   "io/ioutil"
     9 + "net/url"
    9 10   "path/filepath"
     11 + "regexp"
    10 12   "strings"
    11 13  )
    12 14   
    skipped 82 lines
    95 97   subFileExtension := filepath.Ext(zipFile.Name)
    96 98   var tFile string
    97 99   if subFileExtension == ".xml" || subFileExtension == ".rels" { // Ignore other files, e.g binary ones and images
     100 + // First we look for instances where Word has URL escaped our template variables. This seems to happen when inserting a remote image, converting {{.Foo}} to %7b%7b.foo%7d%7d.
     101 + // See https://stackoverflow.com/questions/68287630/disable-url-encoding-for-includepicture-in-microsoft-word
     102 + rx, _ := regexp.Compile("%7b%7b.([a-zA-Z]+)%7d%7d")
     103 + contents := rx.ReplaceAllFunc(contents, func(m []byte) []byte {
     104 + d, err := url.QueryUnescape(string(m))
     105 + if err != nil {
     106 + return m
     107 + }
     108 + return []byte(d)
     109 + })
     110 + 
    98 111   // For each file apply the template.
    99 112   tFile, err = ExecuteTemplate(string(contents), ptx)
    100 113   if err != nil {
    skipped 44 lines
Please wait...
Page is in error, reload to recover