Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 965 | SQL Injection in GraphQL | SQL injection, GraphQL | NA | Ahmed Gad (@0xGAD) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 798 | Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs | GraphQL, Security misconfiguration | Meta / Facebook | David Schütz (@xdavidhu) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 675 | [GraphQL IDOR] Leaking credit card information of 1000s of users | IDOR, GraphQL | NA | Vipul Sahu | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 664 | 0 click Facebook Account Takeover and Two-Factor Authentication Bypass | Authentication bypass, GraphQL, Account takeover, Android, MFA bypass | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 513 | An IDOR vulnerability often hides many others | IDOR, GraphQL | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 412 | Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token | GraphQL, IDOR | NA | Int (@intlulz) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 393 | Unauthenticated GraphQL Introspection and API calls | GraphQL, Missing authentication | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 389 | Using efficient tooling to hunt GraphQL security issues | GraphQL | NA | Nishant Jain (@realArcherL) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 360 | How Your NFTs Could Have Been Stolen in Just One Click | postMessage, GraphQL | NA | PermaSecure (@PermaSecure) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 347 | Exposing Users Table From a Leaky GraphQL Query | GraphQL, Authorization flaw, Broken Access Control | NA | Inderjeet Singh - encodedguy (@3nc0d3dGuY) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 346 | Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL | IDOR, GraphQL | Meta / Facebook | Mukund Bhuva (@MukundBhuva) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 323 | I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | SQL injection, GraphQL | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 252 | CVE-2022-37734: graphql-java Denial-of-Service | GraphQL, DoS, Security code review | graphql-java | Artem Logutov | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 61 | From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over | GraphQL, IDOR, Mass assignment | NA | Tom Neaves | Bug Bounty | 2023-05-23 | 2023-06-13 |