Hacking GraphQL Applications

 Date: December 13, 2019

So, I wrote an hackme lab for GraphQL web apps :)

Hackmegraph(QL) is a vulnerable GraphQL web application for security researchers.

The objective in this lab is to escalate your privileges from an anonymous user to Remote Code Execution.

The lab contains multiple vulnerabillities & common mistakes in GraphQL implementation that you’ll exploit in order to get to the RCE part. Once you’re able to run whoami on the vulnerable app, you completed the challenge

The lab, with build instructions & all the info is available at the hackmegraph repo.

 Tags:  web graphql
Related Posts:
GenesisOS: Publishing my micro-kernel!
Exploiting n-day in Home Security Camera
BsidesTLV 2023 - 'Zen(d) Master' writeup (pwn)

Next
Reverse Engineering Jazz Jackrabbit 2 ⏩