Accessing Private GraphQL Posts
👩‍🎓👨‍🎓 Learn about GraphQL API vulnerabilities! The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, we must find the hidden blog post and enter the password.
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/graphql 🧠
🔗 PortSwigger challenge: https://portswigger.net/web-security/graphql/lab-graphql-reading-private-posts
🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:35 Lab: Accessing private GraphQL posts
0:47 Identify GraphQL API endpoints
1:59 Universal queries
2:20 Discovering schema information (introspection)
2:44 Running a full introspection query
3:29 GraphQL visualizer
4:21 Exploit the vulnerability
5:39 GraphQL in Burp Suite (automation)
6:22 Conclusion
Video "Accessing Private GraphQL Posts" from the Intigriti channel