3121 matches found

Packet Storm, added 2021/04/26 12:00 a.m., 463 views

Hasura GraphQL 1.3.3 Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

AI score: 0.2, Exploits: 0

Exploit DB, added 2021/04/26 12:00 a.m., 718 views

Hasura GraphQL 1.3.3 - Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

AI score: 7.4, Exploits: 0

0day.today, added 2021/04/21 12:00 a.m., 27 views

Hasura GraphQL 1.3.3 - Local File Read Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80 READFILE ...

AI score: 0.1, Exploits: 0

0day.today, added 2021/04/21 12:00 a.m., 45 views

Hasura GraphQL 1.3.3 - Denial of Service Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 8...

AI score: 7.4, Exploits: 0

Packet Storm, added 2021/04/21 12:00 a.m., 455 views

Hasura GraphQL 1.3.3 Denial Of Service

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...

AI score: 7.4, Exploits: 0

Packet Storm, added 2021/04/21 12:00 a.m., 421 views

Hasura GraphQL 1.3.3 Arbitrary File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

AI score: 0.3, Exploits: 0

Packet Storm, added 2021/04/21 12:00 a.m., 412 views

Hasura GraphQL 1.3.3 Server-Side Request Forgery

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

AI score: 1, Exploits: 0

0day.today, added 2021/04/21 12:00 a.m., 80 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF) Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80...

AI score: 0.8, Exploits: 0

Exploit DB, added 2021/04/21 12:00 a.m., 532 views

Hasura GraphQL 1.3.3 - Denial of Service

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...

AI score: 7, Exploits: 0

Exploit DB, added 2021/04/21 12:00 a.m., 472 views

Hasura GraphQL 1.3.3 - Local File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

AI score: 7.4, Exploits: 0

Exploit DB, added 2021/04/21 12:00 a.m., 776 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

AI score: 7.4, Exploits: 0

Hacker One, added 2021/04/12 6:03 a.m., 48 views

HackerOne: Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token.

Details Title: Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token. Risk: High Impact: High Exploitability: High Target: baseurl parameter on UpdatePhabricatorIntegration mutation at /graphql endpoint. Introduction Sensitive data...

AI score: 7.3, Exploits: 0

VulnCheck KEV, added 2021/04/12 12:00 a.m., 2 views

VulnCheck KEV: CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username...

CVSS: 9.1, AI score: 7.3, EPSS: 0.34761, Exploits: 3, References: 1

Hacker One, added 2021/03/27 9:44 p.m., 30 views

HackerOne: The possibility of disrupting the normal operation of frontend using markdown

Summary: Hi team, Our team noticed that using some string construction in markdown may cause it to fail and output error 502. Thus, disrupting the UI process. This may affect the work in places where there is a GraphQL attribute output. For example: User object in GraphQL : introhtml attribute...

AI score: 6.9, Exploits: 0

Hacker One, added 2021/03/23 5:42 a.m., 36 views

On : Graphql introspection is enabled and leaks details about the schema

Summary: Hi team! I've found a misconfiguration in your GraphQL API on the endpoint https://www.on-running.com/en-in/graphql in which an attacker is able to run a GraphQL introspection query to fetch schemas, types, fields, available query operations; after running introspection query on t...

AI score: 0.3, Exploits: 0
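A way to check for the misconfiguration this report describes, added here as an example; it is not code from the reporter, from On, or from any of the exploits listed above. The introspection query is the standard one any GraphQL server understands; the two sample responses, the type and field names in them, and the "sensitive field" name patterns are constructed for the demonstration. Post `{"query": INTROSPECTION_QUERY}` as JSON to the endpoint under test and feed the parsed response to these functions.

```python
import json
import re

# Minimal introspection probe: root operation types plus every type's field names.
# Send as {"query": INTROSPECTION_QUERY} to the /graphql endpoint under test.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types { kind name fields { name } }
  }
}
"""

# Field names whose exposure in the schema usually deserves a closer look (assumed list).
SENSITIVE_FIELD_RE = re.compile(r"token|secret|password|email|apikey|api_key", re.IGNORECASE)


def introspection_enabled(response):
    """True when the server answered with a populated __schema object."""
    data = response.get("data") or {}
    return bool(data.get("__schema"))


def summarize_schema(response):
    """Reduce a raw introspection response to root types and user-defined fields."""
    schema = response["data"]["__schema"]
    roots = {
        role: (schema.get(role) or {}).get("name")
        for role in ("queryType", "mutationType", "subscriptionType")
    }
    # Built-in types (__Schema, __Type, ...) are noise; keep only the application's own.
    types = {
        t["name"]: [f["name"] for f in (t.get("fields") or [])]
        for t in schema["types"]
        if not t["name"].startswith("__")
    }
    return {
        "roots": roots,
        "types": types,
        "query_fields": types.get(roots["queryType"] or "", []),
        "mutation_fields": types.get(roots["mutationType"] or "", []),
    }


def flag_sensitive_fields(summary):
    """Return (type, field) pairs whose names suggest credentials or PII."""
    return [
        (type_name, field)
        for type_name, fields in summary["types"].items()
        for field in fields
        if SENSITIVE_FIELD_RE.search(field)
    ]


# Constructed sample response from a server with introspection enabled (not a real capture).
ENABLED_RESPONSE = {
    "data": {
        "__schema": {
            "queryType": {"name": "Query"},
            "mutationType": {"name": "Mutation"},
            "subscriptionType": None,
            "types": [
                {"kind": "OBJECT", "name": "Query",
                 "fields": [{"name": "users"}, {"name": "viewer"}]},
                {"kind": "OBJECT", "name": "Mutation",
                 "fields": [{"name": "updateUser"}, {"name": "deleteUser"}]},
                {"kind": "OBJECT", "name": "User",
                 "fields": [{"name": "id"}, {"name": "username"},
                            {"name": "email"}, {"name": "apiToken"}]},
                {"kind": "SCALAR", "name": "String", "fields": None},
                {"kind": "OBJECT", "name": "__Schema", "fields": [{"name": "types"}]},
            ],
        }
    }
}

# Constructed sample of the usual shape when introspection is disabled: no data, an error.
DISABLED_RESPONSE = {
    "data": None,
    "errors": [{"message": "GraphQL introspection is not allowed"}],
}

if __name__ == "__main__":
    for label, resp in (("enabled", ENABLED_RESPONSE), ("disabled", DISABLED_RESPONSE)):
        print(label, "->", introspection_enabled(resp))
    summary = summarize_schema(ENABLED_RESPONSE)
    print(json.dumps(summary, indent=2))
    print("sensitive:", flag_sensitive_fields(summary))
```

The probe only asks for type and field names, which is enough to decide whether introspection is on and to spot the root fields (such as a `users` query or an `updateUser` mutation) worth testing for missing authorization next; `SENSITIVE_FIELD_RE` is a triage heuristic, not proof that a field is actually readable.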

Hacker One, added 2021/03/22 10:27 p.m., 29 views

HackerOne: Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering

Summary: Hi team, Our team noticed that your program can attach files to the policy page. These files can be anything, images, text, archive, etc. In other words, these files may or may not contain sensitive information. Our team believes that the data that can be attached in different vectors is hi...

AI score: 6.7, Exploits: 0

Hacker One, added 2021/03/17 10:10 p.m., 37 views

HackerOne: Hackers can find out the ID of private programs

Summary: Hi team, Our team noticed that it is possible to find out the IDs of sandbox programs. This allows us to create a list, thereby determining that the rest of the list of IDs will belong to private programs or public or external program directory listing. But by removing ID all public and...

AI score: 0.6, Exploits: 0

Hacker One, added 2021/03/10 4:49 p.m., 28 views

GitLab: CSRF on /api/graphql allows executing mutations through GET requests

Mutations are edit or create queries used in Graphql. Gitlab prevents CSRF in this functionality by sending a POST request with a X-CSRF-Token header. The bug I found here was that, when we send a GET request, the backend does not expect the X-CSRF-Token header. Using this, an attacker could...

Exploits: 0
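As an added example (not GitLab's code and not the reporter's), a server-side gate that keys the CSRF decision on the GraphQL operation type rather than on the HTTP method, which is the class of check the report above says was skipped for GET requests. The URL, the `destroyProject` mutation name, the `example.test` host and the token value are hypothetical; the operation-type scanner handles comments, strings, block strings, fragments and the anonymous `{ ... }` shorthand, so a document cannot hide a mutation from the check behind a leading comment or fragment.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

OPERATION_KEYWORDS = {"query", "mutation", "subscription"}


def operation_types(document):
    """Return the operation type of every top-level definition in a GraphQL document.

    A bare selection set ('{ ... }') is query shorthand. Fragment definitions are
    skipped. Comments, quoted strings and block strings are ignored so that braces
    inside them do not confuse the depth tracking.
    """
    ops = []
    depth = 0
    pending = None  # keyword seen at depth 0 but not yet closed by its '{'
    i, n = 0, len(document)
    while i < n:
        c = document[i]
        if document.startswith('"""', i):           # block string
            end = document.find('"""', i + 3)
            i = n if end < 0 else end + 3
            continue
        if c == '"':                                 # ordinary string
            i += 1
            while i < n and document[i] != '"':
                i += 2 if document[i] == "\\" else 1
            i += 1
            continue
        if c == "#":                                 # comment to end of line
            while i < n and document[i] != "\n":
                i += 1
            continue
        if c in "{(":
            if c == "{" and depth == 0:
                ops.append(pending or "query")
                pending = None
            depth += 1
        elif c in "})":
            depth -= 1
        elif depth == 0 and (c.isalpha() or c == "_"):
            j = i
            while j < n and (document[j].isalnum() or document[j] == "_"):
                j += 1
            word = document[i:j]
            if word in OPERATION_KEYWORDS or word == "fragment":
                pending = word
            i = j
            continue
        i += 1
    return [op for op in ops if op != "fragment"]


def csrf_gate(method, document, csrf_token=None, expected_token=None):
    """Decide whether a GraphQL request may execute; returns (allowed, reason).

    The rule is keyed on operation type, not HTTP method: anything that can change
    state (mutation or subscription) needs a POST carrying a valid CSRF token, and
    GET may run read-only queries only.
    """
    ops = operation_types(document)
    if not ops:
        return False, "no operation found"
    # Conservative: a document containing any mutation is treated as a mutation,
    # regardless of which operationName the client would select.
    writes = any(op != "query" for op in ops)
    method = method.upper()
    if method == "GET":
        return (False, "mutation over GET rejected") if writes else (True, "read-only query over GET")
    if method != "POST":
        return False, f"method {method} not allowed"
    if writes and (not csrf_token or not expected_token
                   or not hmac.compare_digest(csrf_token, expected_token)):
        return False, "mutation without valid CSRF token rejected"
    return True, "ok"


def gate_from_url(method, url, csrf_token=None, expected_token=None):
    """Wrapper for GET-style requests that pass the document in the ?query= parameter."""
    query = parse_qs(urlsplit(url).query).get("query", [""])[0]
    return csrf_gate(method, query, csrf_token, expected_token)


# Constructed request data (hypothetical host, mutation and token; not GitLab's).
SESSION_TOKEN = "s3cr3t-csrf-token"
ATTACK_URL = ("https://example.test/api/graphql?query="
              "mutation%20%7B%20destroyProject(input%3A%7Bid%3A1%7D)%20%7B%20errors%20%7D%20%7D")

if __name__ == "__main__":
    print(gate_from_url("GET", ATTACK_URL))
    print(csrf_gate("GET", "{ currentUser { id } }"))
    print(csrf_gate("POST", "mutation { destroyProject(input:{id:1}) { errors } }"))
    print(csrf_gate("POST", "mutation { destroyProject(input:{id:1}) { errors } }",
                    SESSION_TOKEN, SESSION_TOKEN))
```

Rejecting every GET that carries a mutation, before any token check, is what closes the gap the report describes; the token check on POST stays as the second line of defence for clients that do send mutations the intended way.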

Hacker One, added 2021/03/03 6:38 p.m., 19 views

Uber: IDOR leads to leak analytics of any restaurant

The GraphQL service at https://restaurant.uber.com, did not properly perform an authZ check, allowing an attacker to obtain detailed sales statistics, etc for any restaurant. Writeup at https://0xprial.com/idor-leads-to-leak-any-uber-eats-restaurant-analytics/...

AI score: 0.8, Exploits: 0

OSV, added 2021/03/03 4:15 a.m., 3 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00968, Exploits: 0, References: 4