nuclei-templates/http/misconfiguration/graphql/graphql-field-suggestion.yaml

48 lines
1.4 KiB
YAML

id: graphql-field-suggestion
info:
name: GraphQL Field Suggestion Information Disclosure
author: Dolev Farhi
severity: info
description: |
If introspection is disabled on your target, Field Suggestion can allow users to still earn information on the GraphQL schema.
By default, GraphQL backends have a feature for fields and operations suggestions.
If you try to query a field but you have made a typo, GraphQL will attempt to suggest fields that are similar to the initial attempt.
reference:
- https://github.com/webonyx/graphql-php/issues/454
- https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
- https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
- https://graphql.security
tags: graphql
metadata:
max-request: 2
http:
- raw:
- |
POST /graphql HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"query":"query {\n __schema {\n directive\n }\n}","variables":null}
- |
POST /api/graphql HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"query":"query {\n __schema {\n directive\n }\n}","variables":null}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Did you mean"
- type: word
part: header
words:
- "application/json"