Portswigger - GraphQL API Vulnerabilities - Lab #1 Accessing Private GraphQL posts

Описание: Hello Hackers, in this video of Accessing Private GraphQL posts you will see how to exploit and discover GraphQL injection basics

⚠️ Subscribe to my channel ➡️ ‪@popo_hack‬ ⚠️

0:00 - About the Lab
0:25 - Install InQL extension
1:28 - Exploit and discover GraphQL injection

🔍 About the Lab
Lab: Accessing private GraphQL posts
Level: Apprentice
It's a blog page that contains a hidden blog post that has a secret password. To solve the lab, we have to find that hidden blog post and its secret password.

⚠️ Recommendation
It recommends that you install the InQL extension before attempting this lab to make it easier to modify GraphQL queries in Repeater, and enables you to scan the API schema.

✅ What to do ?
1. Install InQL extension:
Go to extensions , BApp Store , search "InQL", click "Install"
Note: If you want to remove the InQl extension. Go to extensions , Installed , select "InQL" , click "remove"

2. Mapping the App, than in Burp, go to Proxy , HTTP history and notice the following:
The endpoint /graphql/v1 used to retrieve blog posts using GraphQL
In the response, each blog post has its own sequential id.
❓Blog post id 3 doesn't exist from the list. This indicates that there is a hidden blog post.
Use InQL to scan the GraphQL endpoint. Notice that the BlogPost type has a postPassword field available.

3. Select a blog post. Notice that this causes the site to make a GraphQL query that fetches the relevant post data via a direct reference to the post's ID.

4. In Repeater, modify the id variable to 3. Add the postPassword field to the query.

5. Send the request.

6. Copy the contents of the response's postPassword field and paste them into the Submit solution dialog to solve the lab.

Thank you for watching my video, if you have any questions or any topics recommendation feel free to write them on the comment below 🙋

#WebSecurityAcademy #portswigger #GraphQL #vulnerability