Lucene search
K

3139 matches found

Hacker One
Hacker One
added 2018/11/06 4:52 p.m.1995 views

HackerOne: SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter

The embeddedsubmissionformuuid parameter in the /graphql endpoint is vulnerable to a SQL injection. Execute the following command to reproduce the behavior: Locally: curl -X POST http://localhost:8080/graphql?embeddedsubmissionformuuid=1%27%3BSELECT%201%3BSELECT%20pgsleep\30%3B--%27...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2018/10/13 3:40 p.m.32 views

Shopify: H1514 Get access to non public information by pivoting with graphql queries

Hi security team, Summary: It is possible to pivot with queries to get access to information you shouldn't have access to according to docs located at https://help.shopify.com/en/api/graphql-admin-api/reference/queryroot Description: I will try to write up all the ones I can find related to...

6.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2018/10/10 10:0 a.m.39 views

API Gateway -- Secure API Traffic with OAuth 2.0 and Cache GraphQL Responses

APIs are the connective tissue between software and modern digital experiences, and they must be exposed to consumers in a way that prevents misuse. This means your APIs must have appropriate governance authorization, authentication, quota management policies to prevent consumers from abusing API...

Exploits0
Hacker One
Hacker One
added 2018/10/05 11:33 p.m.39 views

Shopify: H1514 [beerify.shopifycloud.com] GraphQL discloses internal beer consumption

Hi security team, Summary: With great pleasure we would like to report that we have discovered a GraqhQL endpoint that discloses internal beer consumption at your offices. Description: This endpoint is leaking internal app details about how much beer you have left on any given day. Steps To...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2018/10/02 2:24 a.m.88 views

HackerOne: Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session

Hi Team, Summary: I have found an Insufficient Session Expiration on implementation of the new Revoke user session feature of HackerOne here: https://hackerone.com/settings/sessions Description: The new REVOKE session feature will destroy the session of the selected device, that means any request...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2018/10/01 8:34 p.m.17 views

Shopify: Using GraphQL, STAFF with NO explicit permissions on Store can retrieve Shopify Payments Balance.

Hi, I am reporting this because it looks like a authorization bug in GraphQL. A staff member having no explicit permissions on a Shopify Store may be able to retrieve the Current balances in all currencies for the account for Shopify Payments. Steps 1. STAFF account is created and assigned NO...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2018/09/15 2:34 a.m.24 views

Shopify: Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation

Summary GraphQL LiveView operation doesn't properly check for permissions before returning data. This allows "No Access" users to access some store settings and data by providing complete Shop schema fields in the request string. Steps to reproduce 1. Log into an attacker account of a test store...

7AI score
Exploits0
Hacker One
Hacker One
added 2018/08/20 12:14 a.m.62 views

Shopify: Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass

Summary athena-flex-production.shopifycloud.com seems to be an internal system that Shopify uses because it redirects user to Okta login. During this however, I noticed that it first returns 200 and then does a redirect meaning some part of the website loads before redirecting. With this, I was...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2018/08/02 12:13 p.m.51 views

HackerOne: TeamProfile exposes partially sensitive information through GraphQL

I noticed there is new field teamprofile added and using the graphql below the latest serious report and reports received in three months were exposed "query":"query Dashboardreportseveritybreakdowntable$first0:Int! \n query \n id,\n ...F0\n \n\nfragment F0 on Query \n...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2018/07/10 10:13 p.m.19 views

HackerOne: Team object exposes amount of participants in a private program to non-invited users

Summary: Hello. Similar to other reports, suddenly after the update with ordering users, the GraphQL API is exposing the amount of participants in a private program to non-invited users. This allows an attacker to retrieve the amount of participants in a private program, as well as their details...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2018/05/12 7:42 p.m.20 views

HackerOne: User object in GraphQL exposes number of trial reports for External Programs that also have a Private Program

Summary: For this vulnerability to work, it is necessary that you should be Admin/member of atleast one sandbox team and running a GraphQL node can tell you if the external programs exist on directory page running a private program on hackerone or not...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2018/05/06 11:52 a.m.37 views

HackerOne: Team object in GraphQL that have a published external program may expose existence of a private program

Summary: Hi Team! On Team object the parameter "icannotcreatejirawebhookreasons" is not NULL and gets the following default states when called for all programs "CANNOTVIEW","FEATUREGATED","PROGRAMPERMISSIONREQUIRED" If a Company Program runs a Private Program or a Public On the "FEATUREGATED" is...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2018/04/26 2:11 p.m.152 views

HackerOne: Team object in GraphQL discloses team group names and permissions

Summary: Hi team. We can disclosed your team member groups ; Description: Because of the communications error, we can disclose the data - teammembergroupsid,name,permissions Steps To Reproduce 1. "query": "query...

7.8AI score
Exploits0
Hacker One
Hacker One
added 2018/04/25 3:16 a.m.12 views

HackerOne: Team object in GraphQL disclosed total number of whitelisted hackers

Summary: Hi team. Whitelistedhackers i think your setup - Two-factor authentication and IP whitelisting are available to further restrict access to accounts. Description: Again, because of the link error, I can see the number, but I can't see these links. Analogue 310946 Steps To Reproduce 1...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2018/03/13 5:22 p.m.40 views

HackerOne: Leakage badges on disabled user

Indonesia Here ; Hi HackerOne Team, Description: This attack occurs when an attacker uses this graphql code: and this builds the path of the attacker getting disclosure information about how many programs already in the close Resolved from the Public or Disable user. okay now I do not say if the...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/11/19 4:26 p.m.37 views

HackerOne: IDOR on Program Visibilty (Revealed / Concealed) against other team members

Hi HackerOne Team, Summary: When you are a part of a program security team, you have a choice to show in your profile that you are a member of the sec team, you can also hide it if you don't want to show it to your profile, any team member can do that using your profile settings here:...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/11/18 4:58 p.m.982 views

HackerOne: Introspection query leaks sensitive graphql system information.

Summary: Interospection query leaks sensitive data. Introduction As we know graphql was initially developed and used by facebook as an internal query language and so the features of graphql mostly revolve around internal and development areas. Graphql executes queries using a type system with the...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/10/28 9:59 p.m.48 views

HackerOne: GraphQL sessions aren't immediately invalidated when user password is changed

Summary: While changing password, once user clicks on "Change password" button after giving necessary values, on https://hackerone.com/settings/pass/edit, the session expires and the user is redirected to https://hackerone.com/users/signin for logging in again with the updated/changed password. A...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/10 6:47 p.m.16 views

New Relic: [NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key

@jonbottarini discovered an issue with our GraphQL implementation. This allowed a user without the proper authorization access to privileged account information on the same account. The writeup for this issue can read here: https://labs.detectify.com/2018/03/14/graphql-abuse/...

2.4AI score
Exploits0
Rows per page
Query Builder