Performing CSRF Exploits Over GraphQL

Рет қаралды 1,232

Күн бұрын

👩‍🎓👨‍🎓 Learn about GraphQL API vulnerabilities! The user management functions for this lab are powered by a GraphQL endpoint. The endpoint accepts requests with a content-type of 'x-www-form-urlencoded' and is therefore vulnerable to cross-site request forgery (CSRF) attacks. To solve the lab, we must craft some HTML that uses a CSRF attack to change the viewer's email address, then upload it to your exploit server.
If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/... 🧠
🔗 Portswigger challenge: portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by / _cryptocat ( ‪@_CryptoCat‬ ) & / intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
Overview:
0:00 Intro
0:26 GraphQL CSRF
1:44 Lab: Performing CSRF exploits over GraphQL
2:15 Explore site functionality
2:41 Review GraphQL-related JavaScript
3:24 Introspection (and visualisation)
4:11 Prepare exploit
6:33 Repeat finalised exploit against victim
7:54 Preventing GraphQL attacks
8:52 Preventing GraphQL brute-force attacks
10:04 Conclusion

Пікірлер: 10

@mnageh-bo1mm 2 ай бұрын

what? most endpoints I came across were using content type json triggering a preflight request which killed any attempt of csrf

@intigriti 2 ай бұрын

It's probably uncommon, Portswigger stated: "POST requests that use a content type of application/json are secure against forgery as long as the content type is validated. However, alternative methods such as GET, or any request that has a content type of x-www-form-urlencoded" Worth a try! 🙏

@mnageh-bo1mm 2 ай бұрын

@@intigriti thx ... Looks like it's validated too.