all InfoSec news
Swagger XSS Mass Hunting
July 31, 2023, 3:43 a.m. | YoungVanda
InfoSec Write-ups - Medium infosecwriteups.com
In the name of Allah
Hi guys, in this write-up, I’m gonna explain my own approach towards Swagger XSS and why I don’t use the Nuclei template ( swagger-api.yaml) ;d
The Entire Flow
1. Find as many subdomains as possible
2. cat all_subs.txt | dnsx | tee -a resolved_ones.txt
3. cat resolved_ones.txt | httpx | tee -a alive_ones.txt
4. ffuf -w /root/wordlist/api/swagger_xss.txt:FUZZ -w alive_ones.txt:URL -u URLFUZZ -mc 200 -o ffuf-result.txt
5. cat ffuf-result.txt | jq -r .results[].url | tee -a …
api bug bounty cat don ffuf find fuzz hunting name nuclei own root subdomains swagger template txt wordlist write-up xss yaml
More from infosecwriteups.com / InfoSec Write-ups - Medium
Private Interact.sh server setup with a web dashboard
1 day, 22 hours ago |
infosecwriteups.com
Hack Stories: Hacking Hackers EP:3
3 days, 22 hours ago |
infosecwriteups.com
Mastering Shodan Search Engine
4 days, 23 hours ago |
infosecwriteups.com
Email Verification Bypass via Remember Me
4 days, 23 hours ago |
infosecwriteups.com
Typo Trouble: Exploring the Telegram Python RCE Vulnerability
4 days, 23 hours ago |
infosecwriteups.com
Active DNS Recon using AXIOM
4 days, 23 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Associate Compliance Advisor
@ SAP | Budapest, HU, 1031
DevSecOps Engineer
@ Qube Research & Technologies | London
Software Engineer, Security
@ Render | San Francisco, CA or Remote (USA & Canada)
Associate Consultant
@ Control Risks | Frankfurt, Hessen, Germany
Senior Security Engineer
@ Activision Blizzard | Work from Home - CA