writeups.xyz / GraphQL abuse: Bypass account level permissions through parameter smuggling

Submitter : c2a

Date: 14 March 2018

Bounty : undisclosed

Vulnerabilities :

• GraphQL
• Privilege Escalation

Programs :

• New Relic

Authors :

• Jon Bottarini (@Jon_bottarini)

Link :
https://labs.detectify.com/2018/03/14/graphql-abuse/