Accessing Private GraphQL Posts
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, we must find the hidden blog post and enter the password.
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/graphql 🧠
🔗 Portswigger challenge: https://portswigger.net/web-security/graphql/lab-graphql-reading-private-posts
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:35 Lab: Accessing private GraphQL posts
0:47 Identify GraphQL API endpoints
1:59 Universal queries
2:20 Discovering schema information (introspection)
2:44 Running a full introspection query
3:29 GraphQL visualizer
4:21 Exploit the vulnerability
5:39 GraphQL in burp suite (automation)
6:22 Conclusion
Видео Accessing Private GraphQL Posts канала Intigriti
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/graphql 🧠
🔗 Portswigger challenge: https://portswigger.net/web-security/graphql/lab-graphql-reading-private-posts
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:35 Lab: Accessing private GraphQL posts
0:47 Identify GraphQL API endpoints
1:59 Universal queries
2:20 Discovering schema information (introspection)
2:44 Running a full introspection query
3:29 GraphQL visualizer
4:21 Exploit the vulnerability
5:39 GraphQL in burp suite (automation)
6:22 Conclusion
Видео Accessing Private GraphQL Posts канала Intigriti
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
h4rmony - Hacker Interview
Multi-endpoint Race Conditions
Hacker Heroes #1 - @samengmg (Interview)
Hacker Tools - CyberChef
Intel's 1337UP Knights of Elektron Live Hacking Event Aftermovie
kuromatae - Hacker Interview
Why Every Company Should Run a Live Hacking Event (#1337up0622 Aftermovie)
Announcement: Intigriti secures more than €21M in Series B funding
Intigriti Customer Story: CM.com
JWT Authentication Bypass via jwk Header Injection
Bypassing Rate Limits via Race Conditions
XXE to SSH access?! - Mustacchio by @RealTryHackMe
Second order NoSQL injection? - Solution to January '23 Challenge
Can You Spot The Vulnerability?
FFUF by @joohoi (Behind The Tool #1)
Intigriti Customer Story: Brussels Airlines discovers critical vulnerability via ethical hackers
Meet Stijn Jans, Intigriti's Founder
Cheat Engine: Shared Code (tutorial 9, part 1) - Game Hacking Series
Single-endpoint Race Conditions
Can You Spot The Vulnerability?
Exploiting Server-side Parameter Pollution in a REST URL