all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

Add to bookmarks
May 23, 2023, midnight |

SpiderLabs Blog from Trustwave www.trustwave.com

This blog post is instead about looking at the normal operation of a GraphQL query, looking closely at the response and then using that information to feed back into the request (the GraphQL query itself), to, you got it, make it do something it wasn’t intended to do – resulting in account take over in this instance.

account back blog blog post graphql information own query request response

Visit resource

More from www.trustwave.com / SpiderLabs Blog from Trustwave

The Invisible Battleground: Essentials of EASM 6 days, 5 hours ago | www.trustwave.com
attack attack surface attack surface management cyber +13
EDR – The Multi-Tool of Security Defenses 6 days, 5 hours ago | www.trustwave.com
blog blog posts can cybersecurity +10
Fake Dialog Boxes to Make Malware More Convincing 1 week, 4 days ago | www.trustwave.com
dialog engagement fake loader +7
The Secret Cipher: Modern Data Loss Prevention Solutions 1 week, 6 days ago | www.trustwave.com
automated can cipher data +18
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway 2 weeks, 1 day ago | www.trustwave.com
alto arbitrary code attacker code +25
CNAPP, CSPM, CIEM, CWPP – Oh My! 2 weeks, 6 days ago | www.trustwave.com
alphabet ciem cnapp cspm +9
Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region 3 weeks, 2 days ago | www.trustwave.com
american attachment campaign deception +12
Zero Trust Essentials 3 weeks, 6 days ago | www.trustwave.com
blog blog posts can cybersecurity +8
Why We Should Probably Stop Visually Verifying Checksums 1 month ago | www.trustwave.com
checksums hello start thanks +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Lead Technical Product Manager - Threat Protection

@ Mastercard | Remote - United Kingdom
View on infosec-jobs.com

Data Privacy Officer

@ Banco Popular | San Juan, PR
View on infosec-jobs.com

GRC Security Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Warrington, United Kingdom
View on infosec-jobs.com

Privacy Engineer, Technical Audit

@ Meta | Menlo Park, CA
View on infosec-jobs.com
View more jobs