Get access to the full case study: https://bbre.dev/gql
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

I analyzed disclosed GraphQL bug bounty reports to see which bugs occur in real life. In this video, I go over the bug classes caused by GraphQL implementations, including access control flaws, DoS, SQL injection and CSRF.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Links mentioned in the video
Authorization – read
https://hackerone.com/reports/343464
https://infosecwriteups.com/this-is-how-i-was-able-to-see-private-archived-posts-stories-of-users-on-instagram-without-de70ca39165c

Authorization – Create/Update
https://hackerone.com/reports/2233480

Authorization – Delete
https://hackerone.com/reports/858671

DoS
https://www.landh.tech/blog/20240304-google-hack-50000/
https://www.youtube.com/watch?v=b7WlUofPJpU

SQL injection
https://hackerone.com/reports/435066

Disclosing GQL schema
https://medium.com/@pranaybafna/graphql-introspection-leads-to-sensitive-data-disclosure-65b385452d7f

CSRF
https://doyensec.com/resources/Doyensec_Apollo_Report_Q22022_v4_AfterRetest.pdf
Bypassing GitHub’s OAuth flow with a HEAD-based CSRF: https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

Timestamps:

0:00 Intro
0:19 GraphQL and unauthorized data access bugs
2:15 GraphQL and unauthorized data creation or modification bugs
3:27 GraphQL and unauthorized data deletion bugs
6:11 How does GraphQL lead to DoS?
7:29 How can GraphQL cause an SQL injection?
10:09 Is disclosing a GQL schema a bug to report in a bug bounty?
11:28 GraphQL CSRFs
