GraphQL Gatecrash: When an Introspection Query Opened the Whole Backend
Summary
This article describes how a security researcher gained full access to a company's backend data through a GraphQL endpoint that had been exposed without any authentication.
The researcher was doing routine subdomain enumeration when he came across a GraphQL endpoint on a development host under a wildcard subdomain, of the form api-dev.example.com/graphql.
He used Burp Suite to send a GraphQL introspection query to the endpoint. The server answered it without credentials and returned the full schema (every type, query and mutation the backend exposed), and the operations it revealed could likewise be run without authentication, giving full access to the entire backend database.
This posed a serious risk to the company, and the researcher promptly reported it so the endpoint could be secured.
The lesson is never to leave an endpoint reachable without proper authentication. Two practical corollaries follow: a forgotten development host under a wildcard DNS entry is as exposed as production, and disabling introspection is a hardening step rather than a substitute for authentication, because the queries and mutations still exist and their names can be guessed.
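The probe described above, reduced to a script: it sends the standard introspection query with no credentials, then turns the response into a short triage summary (was introspection answered, which queries and mutations exist, which object types are exposed). This is an added example written for this write-up, not code from the original article or the researcher; the endpoint URL, the two sample responses and every field name in them are constructed for illustration.

```python
"""Probe a GraphQL endpoint for unauthenticated introspection and summarise
what it reveals.  Added example for this write-up; the URL, the sample
responses and the field names are constructed, not taken from the article."""
import json
import urllib.request

# Trimmed version of the standard introspection query: enough to recover the
# root operation types and every field they expose, which is what a triage needs.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    types { name kind fields { name } }
  }
}
"""


def build_request(url: str) -> urllib.request.Request:
    """POST the introspection query with no Authorization header on purpose:
    the point of the probe is to see whether the server answers anonymously."""
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def probe(url: str, timeout: float = 10.0) -> dict:
    """Send the probe over the network and return the decoded JSON response."""
    with urllib.request.urlopen(build_request(url), timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def summarize_schema(response: dict) -> dict:
    """Reduce an introspection response to what an engineer wants to know:
    did introspection succeed, and which queries, mutations and object types exist."""
    schema = (response.get("data") or {}).get("__schema")
    if not schema:
        # Servers with introspection disabled answer with errors and no data.
        return {"introspection_enabled": False, "queries": [], "mutations": [], "object_types": []}
    types = {t["name"]: t for t in schema.get("types", [])}
    roots = {r["name"] for r in (schema.get("queryType"), schema.get("mutationType")) if r}

    def root_fields(root):
        if not root:
            return []
        return sorted(f["name"] for f in (types.get(root["name"], {}).get("fields") or []))

    return {
        "introspection_enabled": True,
        "queries": root_fields(schema.get("queryType")),
        "mutations": root_fields(schema.get("mutationType")),
        # Application object types, skipping the built-in __Schema/__Type family and the roots.
        "object_types": sorted(
            n for n, t in types.items()
            if t.get("kind") == "OBJECT" and not n.startswith("__") and n not in roots
        ),
    }


def findings(summary: dict) -> list:
    """Turn the summary into triage findings, worst first."""
    if not summary["introspection_enabled"]:
        return ["introspection disabled or endpoint requires auth; probe individual fields instead"]
    out = [f"introspection answered anonymously: {len(summary['object_types'])} object types exposed"]
    if summary["mutations"]:
        out.append("mutations reachable without credentials: " + ", ".join(summary["mutations"]))
    if summary["queries"]:
        out.append("queries reachable without credentials: " + ", ".join(summary["queries"]))
    return out


# Constructed responses, standing in for what a real server would return.
OPEN_RESPONSE = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "types": [
        {"name": "Query", "kind": "OBJECT", "fields": [{"name": "users"}, {"name": "orders"}]},
        {"name": "Mutation", "kind": "OBJECT", "fields": [{"name": "deleteUser"}, {"name": "updateOrder"}]},
        {"name": "User", "kind": "OBJECT", "fields": [{"name": "id"}, {"name": "email"}, {"name": "passwordHash"}]},
        {"name": "Order", "kind": "OBJECT", "fields": [{"name": "id"}, {"name": "total"}]},
        {"name": "String", "kind": "SCALAR", "fields": None},
        {"name": "__Schema", "kind": "OBJECT", "fields": [{"name": "types"}]},
    ]}}}
LOCKED_RESPONSE = {"errors": [{"message": "GraphQL introspection is not allowed"}]}

if __name__ == "__main__":
    for label, resp in (("open", OPEN_RESPONSE), ("locked", LOCKED_RESPONSE)):
        print(label)
        for line in findings(summarize_schema(resp)):
            print("  -", line)
    # Against a live target (hypothetical host):
    # findings(summarize_schema(probe("https://api-dev.example.com/graphql")))
```

Run it as-is to see the two constructed cases; point probe() at a host you are authorised to test to run it for real. A response in the shape of LOCKED_RESPONSE means introspection is off, not that the endpoint is safe: the findings line for that case says so, because the queries and mutations still answer to anyone who knows or guesses their names.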