Edited image link to point to asset
This commit is contained in:
parent
a2e8f8e2b5
commit
1828693136
@ -329,7 +329,7 @@ Mutation could even lead to account take over trying to modify other account dat
|
||||
[Chaining queries](https://s1n1st3r.gitbook.io/theb10g/graphql-query-authentication-bypass-vuln) together can bypass a weak authentication system.
|
||||
|
||||
In the below example you can see that the operation is "forgotPassword" and that it should only execute the forgotPassword query associated with it. This can be bypassed by adding a query to the end, in this case we add "register" and a user variable for the system to register as a new user.
|
||||
![](https://1605949182-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuSROL4SI6SkTn8EwsIii%2Fuploads%2Fv1XrpYG9R6yTC6OsoEsW%2FauthBypass.PNG?alt=media&token=6d52ed67-6350-4765-b956-38581a97bbe2)
|
||||
![](<../../.gitbook/assets/GraphQLAuthBypassMethod.png>)
|
||||
|
||||
## Leaked GraphQL Structures
|
||||
If introspection is disabled, try looking at the website source code. The queries are often pre loaded into browser as javascript libraries. These prewritten queries can reveal powerful information about the schema and use of each object and function. The `Sources` tab of the developer tools can search all files to enumerate where the queries are saved. Sometimes even the administrator protected queries are already exposed.
|
||||
|
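Review bot: The replacement image line `![](<../../.gitbook/assets/GraphQLAuthBypassMethod.png>)` keeps the empty alt text of the line it replaces, while the paragraph above it ("In the below example you can see that the operation is "forgotPassword"...") depends entirely on that screenshot. Add alt text that says what the image shows, for example a forgotPassword operation with a register query appended, so the section still makes sense if the image fails to load. This hunk only changes the Markdown link, so also confirm that `GraphQLAuthBypassMethod.png` is actually committed under `.gitbook/assets/` and that the `../../` relative path resolves from this file's directory.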