37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
|
id: graphql-field-suggestion
|
||
|
|
||
|
info:
|
||
|
name: GraphQL Field Suggestion Information Disclosure
|
||
|
author: Dolev Farhi
|
||
|
severity: info
|
||
|
description: |
|
||
|
If introspection is disabled on your target, Field Suggestion can allow users to still earn information on the GraphQL schema.
|
||
|
By default, GraphQL backends have a feature for fields and operations suggestions.
|
||
|
If you try to query a field but you have made a typo, GraphQL will attempt to suggest fields that are similar to the initial attempt.
|
||
|
reference:
|
||
|
- https://github.com/webonyx/graphql-php/issues/454
|
||
|
- https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
|
||
|
- https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
|
||
|
- https://graphql.security
|
||
|
tags: graphql
|
||
|
|
||
|
requests:
|
||
|
- raw:
|
||
|
- |
|
||
|
POST /graphql HTTP/1.1
|
||
|
Host: {{Hostname}}
|
||
|
Content-Type: application/json
|
||
|
|
||
|
{"query":"query {\n __schema {\n directive\n }\n}","variables":null}
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: word
|
||
|
part: body
|
||
|
words:
|
||
|
- "Did you mean"
|
||
|
|
||
|
- type: word
|
||
|
part: header
|
||
|
words:
|
||
|
- "application/json"
|