Hacking GraphQL Applications
Date: December 13, 2019
So, I wrote a hackme lab for GraphQL web apps :)
Hackmegraph(QL) is a vulnerable GraphQL web application for security researchers.
The objective in this lab is to escalate your privileges from an anonymous user to Remote Code Execution.
The lab contains multiple vulnerabilities & common mistakes in GraphQL implementations that you'll exploit in order to get to the RCE part. Once you're able to run whoami on the vulnerable app, you have completed the challenge.
The lab, with build instructions & all the info is available at the hackmegraph repo.