Hello,
today I have for you an explanation of a vulnerability that affected HackerOne itself and was reported on their own platform. The GraphQL leak exposed all of the data that was accessible via the GraphQL API.

Timestamps:
00:00 What is GraphQL?
00:30 GraphQL vs REST API
02:27 edge-based vs node-based access control
04:50 the root cause of the vulnerability
05:53 the impact and the fixes

Original report:
https://hackerone.com/reports/489146

Reporter:
https://hackerone.com/yashrs
https://twitter.com/y_sodha

#graphql #hackerone