Accessing Private GraphQL Posts
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, we must find the hidden blog post and enter the password.
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/... 🧠
🔗 @PortSwiggerTV challenge: https://portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by / _cryptocat ( @_CryptoCat ) & / intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:35 Lab: Accessing private GraphQL posts
0:47 Identify GraphQL API endpoints
1:59 Universal queries
2:20 Discovering schema information (introspection)
2:44 Running a full introspection query
3:29 GraphQL visualizer
4:21 Exploit the vulnerability
5:39 GraphQL in burp suite (automation)
6:22 Conclusion
![Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]](https://images.mixrolikus.cc/video/RpXbtmUGyXs)
