Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-5641.
PoCs published by ethersnowman <[email protected]>, including Metasploit module exploits/multi/fileformat/swagger_param_inject.
AI-analyzed exploit summary This Metasploit module generates a malicious OpenAPI/Swagger JSON document that injects payloads into various fields (e.g., INFO_DESCRIPTION, PATH) to achieve remote code execution when processed by vulnerable Swagger CodeGen tools. It supports multiple target languages (NodeJS, PHP, Ruby, Java JSP) by embedding payloads in language-specific syntax.
Description
This module generates an Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codgen appliance/container/api/service, and then to execute that generated code (or include it into software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.
Exploits (1)
This Metasploit module generates a malicious OpenAPI/Swagger JSON document that injects payloads into various fields (e.g., INFO_DESCRIPTION, PATH) to achieve remote code execution when processed by vulnerable Swagger CodeGen tools. It supports multiple target languages (NodeJS, PHP, Ruby, Java JSP) by embedding payloads in language-specific syntax.