Back to directory

WRITEUP #1425

I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.

SQL InjectionGraphQL

by@nav1n0x(nav1n)

Bounty

3,500

Program

-

Published

Mar 10, 2023

Added to HackDex

Mar 15, 2023

Read Full Writeuphttps://nav1n.medium.com/i-earned-3500-and-40-points-for-a-graphql-blind-sql-injection-vulnerability-5b7e428c477d

▸ RELATED WRITEUPS

Directory Traversal, SQL Injection and Server-Side Request Forgery

SQL InjectionPath traversal

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

SQL InjectionReverse engineering

Bypassing airport security via SQL injection

Authorization bypass due to cache misconfiguration

APIAuthorization bypass

World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem

Built with ❤️ by Shubham Rawat