Hi everyone,
In this article, I'll share a finding named GraphQL Introspection.
OK, let's go.
First, I capture a GraphQL request from the site.
After capturing the request, I modify the payload; you can use the payload below.
Then take a look at the response. To make the modification simple, you can use a Burp Suite extension called InQL.
If the response looks like this, it indicates that GraphQL introspection is enabled.
Then copy the URL of the request and paste it into InQL.
Wow, you can see all of the queries and mutations the website exposes.
I have tried several queries but found nothing interesting, maybe because they have validated all of the queries and their mutations.
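The check described above, as an added example that is not part of the original write-up: it sends the standard introspection query to a GraphQL endpoint and classifies the answer, so the owner of an API can confirm that introspection is disabled in production. The endpoint URL is a hypothetical placeholder, and the two sample responses are constructed so the classification runs offline.

```python
import json
import urllib.request

# Minimal introspection query: asks the server to list the types in its schema.
# A populated data.__schema in the answer means introspection is enabled.
INTROSPECTION_QUERY = "{ __schema { types { name } } }"


def build_request(url: str) -> urllib.request.Request:
    """Build the JSON POST request that carries the introspection query."""
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    return urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )


def introspection_enabled(response_body: str) -> bool:
    """Return True only if the response contains a __schema with at least one type."""
    try:
        payload = json.loads(response_body)
    except json.JSONDecodeError:
        return False  # not a GraphQL JSON response at all
    schema = (payload.get("data") or {}).get("__schema")
    return bool(schema and schema.get("types"))


def check_endpoint(url: str, timeout: float = 10.0) -> bool:
    """Query a live endpoint (hypothetical URL supplied by the caller) and classify it."""
    with urllib.request.urlopen(build_request(url), timeout=timeout) as resp:
        return introspection_enabled(resp.read().decode())


# Constructed sample responses (not captured from any real site).
ENABLED_RESPONSE = json.dumps(
    {"data": {"__schema": {"types": [{"name": "Query"}, {"name": "Mutation"}]}}}
)
DISABLED_RESPONSE = json.dumps(
    {"errors": [{"message": "GraphQL introspection is not allowed"}], "data": None}
)

if __name__ == "__main__":
    print("enabled sample  ->", introspection_enabled(ENABLED_RESPONSE))   # True
    print("disabled sample ->", introspection_enabled(DISABLED_RESPONSE))  # False
```

A production deployment should return the second shape; most GraphQL servers expose a setting to disable introspection outside development.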
TIMELINE:
Report: 7/12/2022
Duplicate: 10/12/2022