Today I have for you an explanation of the vulnerability that affected HackerOne itself and was reported on their platform. The GraphQL leak exposed all the data that was accessible via the GraphQL API.
Timestamps:
00:00 What is GraphQL?
00:30 GraphQL vs REST API
02:27 edge-based vs node-based access control
04:50 the root cause of the vulnerability
05:53 the impact and the fixes
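The distinction between edge-based and node-based access control that the video walks through, as an added illustration in Python. This is not code from the video or from HackerOne; the data model, the `Actor`/`Report` types, the `can_view` rule and the resolver names are assumptions constructed for the example. It simulates the Relay convention where an object can be reached either through an edge (viewer -> reports, which filters by permission) or directly through a global `node(id:)` lookup, and shows why a node resolver that relies only on edge-level checks lets any object be fetched by ID.

```python
"""Edge-based vs node-based access control in a GraphQL-style API.

Added illustration only (not the video's or HackerOne's code). All data,
types and resolver names below are constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Actor:
    username: str
    programs: frozenset  # programs this actor is allowed to see


@dataclass(frozen=True)
class Report:
    id: str
    title: str
    program: str


# Constructed sample data: two reports in two different programs.
REPORTS = {
    "R1": Report("R1", "XSS in search", "acme"),
    "R2": Report("R2", "IDOR in invoices", "globex"),
}


def can_view(actor, report):
    """Assumed authorization rule: an actor may see reports of its programs."""
    return report.program in actor.programs


def resolve_viewer_reports(actor):
    """Edge resolver (viewer -> reports): authorization is enforced on the
    edge by filtering the connection to what the actor may see."""
    return [r for r in REPORTS.values() if can_view(actor, r)]


def resolve_node_edge_only(actor, node_id):
    """node(id:) with edge-based access control only. It assumes the caller
    obtained the ID through an authorized edge and never re-checks, so any
    guessable or enumerable ID resolves to the full object."""
    return REPORTS.get(node_id)


def resolve_node_checked(actor, node_id):
    """node(id:) with node-based access control: the permission is
    re-evaluated at the object itself, regardless of how the ID was found."""
    report = REPORTS.get(node_id)
    if report is None or not can_view(actor, report):
        return None
    return report


def leaked_ids(actor, node_resolver):
    """IDs the actor can fetch via node() but could not reach via the edge.
    Non-empty means the node resolver is the weak point."""
    via_edge = {r.id for r in resolve_viewer_reports(actor)}
    via_node = {i for i in REPORTS if node_resolver(actor, i) is not None}
    return sorted(via_node - via_edge)


if __name__ == "__main__":
    alice = Actor("alice", frozenset({"acme"}))
    print("edge-only node():", leaked_ids(alice, resolve_node_edge_only))
    print("checked node():  ", leaked_ids(alice, resolve_node_checked))
```

The edge resolver is correct on its own; the leak appears only when a second path to the same object (the generic node lookup) skips the check, which is why the fix has to live on the node rather than on the edges.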
Original report:
https://hackerone.com/reports/489146
Reporter:
https://hackerone.com/yashrs
https://twitter.com/y_sodha
#graphql #hackerone