
New Video Analyzes Common and Impactful GraphQL Bugs
In this video, the author analyzes closed reports related to GraphQL to identify the most common and impactful types of bugs. The analysis focuses primarily on authorization issues but also covers other vulnerability classes, such as SQL injection, CSRF attacks, and denial of service.

The author begins by pointing out that authorization problems are the most frequent, accounting for 59 of the analyzed reports. A simple example is a GraphQL query that exposed sensitive information, such as email addresses, merely because the client added that field to the query. Bugs of this type are often easy to exploit and can have significant impact, such as the leakage of personal data.

Next, the author discusses creation and update mutations, where interesting bugs were found. A notable critical case let a user register on a site and then call a mutation to create an administrator account, escalating from an unauthenticated user to an administrator. Bugs of this type are particularly dangerous because they amount to privilege escalation.

Deletion bugs are also covered. One interesting example is a GitLab bug in which a "snippet" deletion mutation could be used to delete an entire repository by manipulating the identifier. This class of bug is less intuitive to test for but can have serious consequences.

The author also mentions denial-of-service bugs, noting that GraphQL has a high potential for this kind of vulnerability; one example was rewarded by Google for its creativity and impact. SQL injection is discussed as well, with an example where the injection occurred in the request's query parameters rather than in the GraphQL parameters themselves, which is unusual and interesting.

Finally, the author addresses reports concerning disclosure of the GraphQL schema, noting that while this is not a vulnerability in itself, it can make other vulnerabilities easier to exploit.
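The three authorization failures summarised above (a field that leaks as soon as it is selected, a mutation that honours a client-chosen role, and a delete mutation that trusts an identifier without checking its type or owner) come down to checks that belong in resolvers. The following is an added example, not code from the video or from any of the reported projects: it uses the graphql-js resolver signature `(parent, args, context)` but needs no library, and the users, snippets, repositories, viewer objects and the `deleteSnippetUnsafe`/`deleteSnippet` pair are constructed for illustration.

```javascript
// Added example (not from the video or the reported projects): resolvers in the
// graphql-js shape (parent, args, context), runnable without any GraphQL library.
// Every record below is constructed sample data.

const users = [
  { id: "u1", name: "alice", email: "alice@example.test", role: "user" },
  { id: "u2", name: "bob", email: "bob@example.test", role: "admin" },
];
const snippets = [{ id: "s1", ownerId: "u1", body: "hello" }];
const repositories = [{ id: "r1", ownerId: "u2", name: "project" }];

class AuthorizationError extends Error {}

const isAdmin = (viewer) => Boolean(viewer) && viewer.role === "admin";

// 1. Field-level authorization. The email field resolves only for the account
//    owner or an admin; anyone else gets null no matter what they select.
const User = {
  email(parent, _args, { viewer }) {
    if (viewer && (viewer.id === parent.id || isAdmin(viewer))) return parent.email;
    return null;
  },
};

// Lookup used by the unsafe variant below, shown for contrast: one global
// id space, so an id of the wrong type still resolves to something deletable.
function findAnyNode(id) {
  return snippets.find((s) => s.id === id) || repositories.find((r) => r.id === id) || null;
}

const Mutation = {
  // 2. Privilege-escalation guard: a client-supplied role is honoured only when
  //    the viewer is already an admin; everyone else is created as "user".
  createUser(_parent, { name, email, role }, { viewer }) {
    const grantedRole = isAdmin(viewer) && role ? role : "user";
    const user = { id: `u${users.length + 1}`, name, email, role: grantedRole };
    users.push(user);
    return user;
  },

  // 3a. Unsafe delete (the bug class, not a fix): trusts the id to be a snippet
  //     and never checks ownership, so a repository id deletes the repository.
  deleteSnippetUnsafe(_parent, { id }) {
    const node = findAnyNode(id);
    if (!node) return null;
    for (const table of [snippets, repositories]) {
      const i = table.indexOf(node);
      if (i !== -1) return table.splice(i, 1)[0];
    }
    return null;
  },

  // 3b. Safe delete: the id must name a snippet (type check) that the viewer
  //     owns (object-level check), unless the viewer is an admin.
  deleteSnippet(_parent, { id }, { viewer }) {
    if (!viewer) throw new AuthorizationError("unauthenticated");
    const i = snippets.findIndex((s) => s.id === id);
    if (i === -1) throw new AuthorizationError("id does not refer to a snippet");
    if (snippets[i].ownerId !== viewer.id && !isAdmin(viewer)) {
      throw new AuthorizationError("viewer does not own this snippet");
    }
    return snippets.splice(i, 1)[0];
  },
};
```

The type check in `deleteSnippet` is the part most often missing: looking the id up in the snippet table alone, rather than in a shared node registry, is what prevents an identifier for another object kind from reaching the ownership check at all.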
CSRF attacks are also mentioned, with an example where a HEAD request was used to bypass CSRF protections. The author concludes by encouraging viewers to deepen their knowledge of GraphQL by consulting the full article and the database of reports, and emphasizes the importance of testing for different bug classes rather than limiting oneself to authorization issues. For more information, watch the full video at: https://www.youtube.com/watch?v=9tNUPpB1gto
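For the CSRF and denial-of-service classes mentioned above, the defences sit in front of the executor rather than inside resolvers. The following is an added example, not code from the video or the reports: a request pre-check that accepts only a POST carrying `application/json` (which closes the HEAD and GET route and the form-encoded "simple request" route that browsers send without a preflight), and a brace-depth bound on the raw query text as a cheap limit on nesting before any parsing or execution happens. The `request` object shape, the `preflightCheck` name, the rejection messages and the default limit of 8 are assumptions of this example, not settings from any named server.

```javascript
// Added example (not from the video or the reports): two checks run on a raw
// GraphQL HTTP request before it is parsed or executed. `request` is a
// constructed plain object { method, headers, body }, not a framework type.

// Blank out string literals and # comments so braces inside them are not
// counted as selection-set nesting.
function stripStringsAndComments(query) {
  return query
    .replace(/"""[\s\S]*?"""/g, '""')
    .replace(/"(?:\\.|[^"\\])*"/g, '""')
    .replace(/#[^\n]*/g, "");
}

// Maximum selection-set nesting of an operation, measured as brace depth.
// This is a bound, not a full complexity analysis, but it rejects the deeply
// nested shapes that make a resolver tree expensive, without a parser.
function maxDepth(query) {
  let depth = 0;
  let max = 0;
  for (const ch of stripStringsAndComments(query)) {
    if (ch === "{") {
      depth += 1;
      if (depth > max) max = depth;
    } else if (ch === "}") {
      depth -= 1;
    }
  }
  return max;
}

// Returns null when the request may proceed, otherwise the rejection reason.
// Order matters: method and content type are checked before the body is touched.
function preflightCheck(request, { maxAllowedDepth = 8 } = {}) {
  const method = request.method.toUpperCase();
  const contentType = (request.headers["content-type"] || "").toLowerCase();

  // Only POST is accepted: HEAD and GET cannot carry the JSON body we require,
  // so a cross-site request using them is refused before execution.
  if (method !== "POST") return `method ${method} is not accepted for GraphQL`;

  // text/plain and form encodings are "simple" requests that browsers send
  // cross-origin without a preflight; requiring JSON forces a CORS preflight.
  if (!contentType.startsWith("application/json")) return "content-type must be application/json";

  let body;
  try {
    body = JSON.parse(request.body);
  } catch {
    return "body is not valid JSON";
  }
  if (typeof body.query !== "string") return "missing query";

  const depth = maxDepth(body.query);
  if (depth > maxAllowedDepth) return `query depth ${depth} exceeds limit ${maxAllowedDepth}`;
  return null;
}
```

A server that also serves persisted queries over GET would need a separate, read-only path; the point of the example is that mutations, at minimum, never execute for anything other than a JSON POST, and that nesting is bounded before the executor sees the document.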