WRITEUP #1450

Exposing Users Table From a Leaky GraphQL Query

Tags: API, GraphQL, Broken authorization, Broken Access Control
by @3nc0d3dGuY (Inderjeet Singh - encodedguy)
Program: -
Published: Mar 6, 2023
Added to HackDex: Mar 6, 2023
Read Full Writeup: https://rashahacks.com/exposing-users-table-from-a-leaky-graphql-query/
RELATED WRITEUPS
Authorization bypass due to cache misconfiguration
Tags: API, Authorization bypass
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Tags: API, GraphQL
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Tags: RCE, Forced browsing
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Tags: Recon, Missing authentication
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
Tags: Privilege Escalation, Broken Access Control
