nuclei-templates/http/misconfiguration/graphql/graphql-array-batching.yaml

53 lines
1.7 KiB
YAML
Raw Normal View History

id: graphql-array-batching
2022-03-08 19:03:10 +00:00
info:
name: GraphQL Array-based Batching
author: Dolev Farhi
2022-07-26 05:15:05 +00:00
severity: info
description: |
Some GraphQL engines support batching of multiple queries into a single request. This allows users to request multiple objects or multiple instances of objects efficiently.
However, an attacker can leverage this feature to evade many security measures, including Rate Limit.
2023-10-14 11:27:55 +00:00
remediation: |
Deactivate or limit Batching in your GraphQL engine.
reference:
- https://stackoverflow.com/questions/62421352/graphql-difference-between-using-alias-versus-multiple-query-objects-when-doin
- https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
- https://graphql.security/
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: graphql,misconfig
2022-03-08 19:03:10 +00:00
http:
2022-03-08 19:03:10 +00:00
- raw:
- |
POST /graphql HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
[{"query":"query {\n __typename \n }"}, {"query":"mutation { \n __typename \n }"}]
2022-07-26 05:18:53 +00:00
- |
POST /api/graphql HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
[{"query":"query {\n __typename \n }"}, {"query":"mutation { \n __typename \n }"}]
2022-07-26 05:20:36 +00:00
stop-at-first-match: true
2023-10-14 11:27:55 +00:00
matchers-condition: and
2022-03-08 19:03:10 +00:00
matchers:
- type: word
2022-03-09 12:57:29 +00:00
part: body
2022-03-08 19:03:10 +00:00
words:
- ':"Query"'
- ':"Mutations"'
case-insensitive: true
condition: and
- type: word
part: header
words:
2022-07-26 05:15:05 +00:00
- "application/json"
# digest: 4b0a004830460221009352f5fb69d50c384b0609e39864120c5da438c4d4b50e5f7ff9e78e6a17fdbc02210093902ef377f0eca11245c1fd3095f3b29f51a9417d1a48f3a7e1df0ecb0d0185:922c64590222798bb761d5b6d8e72950