From b38b116c9ab558c8549331860f97252743666f55 Mon Sep 17 00:00:00 2001 From: Scott Davis Date: Thu, 23 Jun 2016 15:33:11 -0700 Subject: [PATCH] @ePaul comments added to description. --- .../exploits/multi/fileformat/swagger_param_inject.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/exploits/multi/fileformat/swagger_param_inject.rb b/modules/exploits/multi/fileformat/swagger_param_inject.rb index 4c7c7878b3..0165d019bc 100644 --- a/modules/exploits/multi/fileformat/swagger_param_inject.rb +++ b/modules/exploits/multi/fileformat/swagger_param_inject.rb @@ -27,10 +27,11 @@ class MetasploitModule < Msf::Exploit::Remote This module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. - In order for the payload to be executed, an attacker must convince someone to - open a specially modified swagger.json file with with a vulnerable swagger-codgen - appliance/container/api/service. By doing so, an attacker can - execute arbitrary code as the victim user. + In order for the payload to be executed, an attacker must convince someone to + generate code from a specially modified swagger.json file within a vulnerable swagger-codgen + appliance/container/api/service, and then to execute that generated code (or include it into + software which will later be executed by another victim). By doing so, an attacker can execute + arbitrary code as the victim user. (The same vulnerability exists in the YAML format) }, 'License' => MSF_LICENSE, 'Author' =>
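Review bot: The rewritten description keeps the misspelling `swagger-codgen` on the added line that ends "within a vulnerable swagger-codgen"; it should read `swagger-codegen`, so that a search for the affected tool finds this module. The new closing sentence `(The same vulnerability exists in the YAML format)` has no terminal period. It also sits next to an opening sentence that says the module generates a json document, so readers cannot tell whether YAML input is covered by this module or only affected by the same flaw. If the module emits JSON only, which is not visible here, wording such as `The same vulnerability exists for YAML specifications; this module generates JSON only.` would remove the ambiguity. The `Description` string and the surrounding info hash begin and end outside this hunk, so the rest of the text was not reviewed.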