Hacking Swagger-UI - from XSS to account takeovers
By a mysterious writer
Description
We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like PayPal, Atlassian, Microsoft, GitLab, Yahoo
Feihui (@Feihui11) / X
Swagger-ui appears to require 'unsafe-eval' in CSP Headers · Issue #5817 · swagger-api/swagger-ui · GitHub
Bug Bounty Quick Wins: How to exploit XSS Issues on Swagger Instances., Jayesh Madnani posted on the topic
Pratik Dabhi (@impratikdabhi) / X
all tools on
Found +6 DomXSS at different programs (Hacking Swagger-UI), by Adham sayed (doosec101)
How to Hack APIs in 2021 - Labs Detectify
What To Hunt As Beginner, PDF, Denial Of Service Attack
Newsletter Archive Archives - API Security News
The Bug Bounty Hunter – Telegram