Anyone that knows GraphQL, would you be able to help me out?

I’m not familiar with GraphQL whatsoever, but by doing some research I was able to perform the following query on an open GraphQL endpoint:

{
  __type(name: "User") {
    name
    fields {
      name
      type {
        name
        kind
      }
    }
  }
}

This responded with:

{
  "data": {
    "__type": {
      "name": "User",
      "fields": [
        },
        {
          "name": "firstname",
          "type": {
            "name": "String",
            "kind": "SCALAR"
          }
        },
        {
          "name": "lastname",
          "type": {
            "name": "String",
            "kind": "SCALAR"
          }
        },
        {
          "name": "fullName",
          "type": {
            "name": "String",
            "kind": "SCALAR"
          }
        },
        },
        {
          "name": "title",
          "type": {
            "name": "String",
            "kind": "SCALAR"
          }
        },
        {
          "name": "birthday",
          "type": {
            "name": "DateTime",
            "kind": "SCALAR"
          }
        },
        {
          "name": "nationality",
          "type": {
            "name": "String",
            "kind": "SCALAR"
          }
        }
      ]
    }
  }
}

Is there a way to extract the data from here? I’m basically testing to see if I can extract PII from this open GraphQL endpoint. Any help would be greatly appreciated!


Read about GraphQL here https://graphql.org/. You will have the answer once you understand what you are dealing with.

There’s a really good Firefox extension that can help you out. And a couple of good blogs on ways to get RCE and/or have it puke its schema and all the data.

Try to map the schema with GraphQL Playground or something in that genre.
If you already did, you should have the whole map of what query is allowed to extract specific information from the database. I am no expert in GraphQL; I only messed around with it once. Also, BurpSuite has nice extensions for GraphQL; I suggest you use them!
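
For whoever operates an endpoint like the one in this thread: the `__type` query in the first post is an introspection query, and it can be spotted in logged request bodies. The following is an added example, not code from any poster; the log format, the sample lines and the function names are assumptions made for illustration. It flags `__schema` and `__type` while ignoring the benign `__typename` and any text inside string literals or comments.

```python
import json
import re

# Skip GraphQL string literals ("..." and """...""") and # comments, so that
# "__schema" appearing as search text or in a comment is not counted.
_SKIP = re.compile(r'"""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*', re.S)
# Introspection entry points. __typename is excluded on purpose: ordinary
# clients request it constantly and it reveals nothing about the schema.
_INTROSPECTION = re.compile(r'(?<![A-Za-z0-9_])(__schema|__type)(?![A-Za-z0-9_])')

# Constructed sample log lines (assumed format: one JSON object per request,
# with the client address and the decoded POST body).
SAMPLE_LOG = [
    r'{"client": "203.0.113.7", "body": {"query": "{ __type(name: \"User\") { name fields { name } } }"}}',
    r'{"client": "198.51.100.4", "body": {"query": "{ me { __typename firstname } }"}}',
    r'{"client": "198.51.100.9", "body": {"query": "{ search(text: \"__schema\") { title } } # __type"}}',
    r'{"client": "203.0.113.8", "body": [{"query": "{ me { title } }"}, {"query": "query { __schema { types { name } } }"}]}',
]


def introspection_fields(query):
    """Return the sorted introspection fields (__schema, __type) a query uses."""
    stripped = _SKIP.sub(" ", query)
    return sorted(set(_INTROSPECTION.findall(stripped)))


def flag_requests(log_lines):
    """Return (client, fields) for every logged operation using introspection."""
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a request record; skip it
        body = entry.get("body")
        # Batched requests arrive as a JSON array of operations.
        operations = body if isinstance(body, list) else [body]
        for op in operations:
            if isinstance(op, dict) and isinstance(op.get("query"), str):
                fields = introspection_fields(op["query"])
                if fields:
                    hits.append((entry.get("client"), fields))
    return hits


if __name__ == "__main__":
    for client, fields in flag_requests(SAMPLE_LOG):
        print(client, fields)
```
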