Authorization bypass due to cache misconfiguration
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Exploiting Broken Authentication Control In GraphQL
IDOR on HackerOne Embedded Submission Form
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices
We Hacked Google A.I. for $50,000
Exploiting Kubernetes through Operator Injection
Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
GraphQL API Hacking!
From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over
CVE-2022-37734: graphql-java Denial-of-Service
I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.
Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL
Exposing Users Table From a Leaky GraphQL Query
How Your NFTs Could Have Been Stolen in Just One Click
Unauthenticated GraphQL Introspection and API calls
Using efficient tooling to hunt GraphQL security issues
Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token
An IDOR vulnerability often hides many others
0 click Facebook Account Takeover and Two-Factor Authentication Bypass
[GraphQL IDOR]Leaking credit card information of 1000s of users
Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs
SQL Injection in GraphQL
The easiest bug to get a Hall of fame from a Billion dollar company.
The Million Dollar IDOR