Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 5295 | GraphQL exploitation – All you need to know | GraphQL Exploitation OSCP | | Theo | CheatSheet | 2023-05-16 | 2024-01-31 |
| 4834 | GraphQL abuse: Bypass account level permissions through parameter smuggling | GraphQL Privilege escalation | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2018-03-14 | 2023-06-13 |
| 4042 | [TOKOPEDIA] Site-wide CSRF through GraphQL request | CSRF | Tokopedia | Rafie Muhammad (@rafiem777) | Bug Bounty | 2019-07-15 | 2023-06-13 |
| 3947 | Graphql Bug to Steal Anyone’s Address | Information disclosure GraphQL | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2019-09-01 | 2023-06-13 |
| 3891 | GraphQL Introspection leads to Sensitive Data Disclosure. | Information disclosure | NA | Pranay Bafna | Bug Bounty | 2019-10-02 | 2023-06-13 |
| 3856 | GraphQL introspection leads to sensitive data disclosure. | Information disclosure | NA | Eshan Singh (@R0X4R) | Bug Bounty | 2019-10-30 | 2023-06-13 |
| 3763 | GraphQL IDOR leads to information disclosure | IDOR | NA | Eshan Singh (@R0X4R) | Bug Bounty | 2019-12-24 | 2023-06-13 |
| 3300 | How I lost my followers on Medium | GraphQL Authorization flaw | Medium | Florian (@fh4ntke) | Bug Bounty | 2020-07-17 | 2023-06-13 |
| 3017 | GraphQL IDOR in Facebook streamer dashboard. | IDOR GraphQL | Meta / Facebook | Kailash (@Corrupted_brain) | Bug Bounty | 2020-11-18 | 2023-06-13 |
| 2846 | Access developer tasks list of any Facebook Application (GraphQL IDOR) | IDOR | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-02-01 | 2023-06-13 |
| 2762 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2757 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2717 | De-anonymize the members of a private Facebook Group as a non-member. | GraphQL Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13 |
| 2637 | (POC) Update business fyi message as Facebook page analyst | IDOR GraphQL | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2631 | Pwning your assignments: Stored XSS via GraphQL endpoint | Stored XSS GraphQL | NA | Kartik Sharma (@dominat0r98) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2530 | Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty) | IDOR GraphQL | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-05-23 | 2023-06-13 |
| 2478 | This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them | IDOR GraphQL | NA | Mayur Fartade (@mayurfartade) | Bug Bounty | 2021-06-15 | 2023-06-13 |
| 2295 | Retrieve Archived Stories Of Any Public Instagram Account. | IDOR GraphQL | Meta / Facebook | Naveen | Bug Bounty | 2021-08-25 | 2023-06-13 |
| 2256 | IDOR Vulnerability In GraphQL Api On Website | IDOR GraphQL | NA | Aidil Arief | Bug Bounty | 2021-09-03 | 2023-06-13 |
| 2046 | How I got my first bounty on financial sector gateway site by using Previous GraphQL vulnerabilities. | Information disclosure GraphQL | NA | Night Hawk | Bug Bounty | 2021-11-26 | 2023-06-13 |
| 2028 | Disclose Ad Accounts linked with Instagram Accounts | Information disclosure Logic flaw GraphQL | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 1766 | CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) | Username enumeration GraphQL | GitLab | Jacob Baines (@junior_baines) | Bug Bounty | 2022-03-03 | 2023-06-13 |
| 1167 | The Million Dollar IDOR | IDOR Race condition GraphQL | NA | Monish Basaniwal | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1059 | Apollo Router Security Audit Report (Q2 2022) | DoS CSRF | Apollo GraphQL | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 985 | The easiest bug to get a Hall of fame from a Billion dollar company. | GraphQL Information disclosure | GeHealthcare | Ravaan | Bug Bounty | 2022-10-10 | 2023-06-13 |