module
JSON Swagger CodeGen Parameter Injector
| Disclosed | Created |
|---|---|
| 2016-06-23 | 2018-05-30 |
Disclosed
2016-06-23
Created
2018-05-30
Description
This module generates an Open API Specification 2.0 (Swagger) compliant
json document that includes payload insertion points in parameters.
In order for the payload to be executed, an attacker must convince
someone to generate code from a specially modified swagger.json file
within a vulnerable swagger-codgen appliance/container/api/service,
and then to execute that generated code (or include it into software
which will later be executed by another victim). By doing so, an
attacker can execute arbitrary code as the victim user. The same
vulnerability exists in the YAML format.
json document that includes payload insertion points in parameters.
In order for the payload to be executed, an attacker must convince
someone to generate code from a specially modified swagger.json file
within a vulnerable swagger-codgen appliance/container/api/service,
and then to execute that generated code (or include it into software
which will later be executed by another victim). By doing so, an
attacker can execute arbitrary code as the victim user. The same
vulnerability exists in the YAML format.
Author
ethersnowman scott_davis@rapid7.com
Platform
Java,NodeJS,PHP,Ruby
Architectures
nodejs, php, java, ruby
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.