Description: This Nuclei template is designed to detect potential Swagger UI Config URL injection vulnerabilities. The template specifically targets endpoints commonly used in API documentation systems, such as Swagger UI, and checks for the presence of the configUrl parameter, which can be exploited to inject external configuration files, leading to potential XSS attacks or other security risks.
The template is finely tuned to minimize false positives by focusing on Swagger-specific patterns, such as the presence of keywords like "swagger," "api-docs," or versioned paths typically associated with Swagger UI setups.
Usage:
# Basic Scan: To run a basic scan against a list of domains:
This template is useful for security researchers and penetration testers looking to identify misconfigured or vulnerable Swagger UI instances in web applications.
# Notes:
Please note it may produce False Positives however if it does alert with the Config but does not execute please try with the other XSS Swagger Url